Ye olde "avc granted"
Daniel J Walsh
dwalsh at redhat.com
Wed Mar 27 15:01:55 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/26/2013 05:13 PM, m.roth at 5-cent.us wrote:
> m.roth at 5-cent.us wrote:
>> Daniel J Walsh wrote:
>>> On 03/26/2013 03:27 PM, m.roth at 5-cent.us wrote:
>>>> Daniel J Walsh wrote:
>>>>> On 03/26/2013 03:12 PM, m.roth at 5-cent.us wrote:
>>>>>> Daniel J Walsh wrote:
>>>>>>> On 03/26/2013 03:08 PM, m.roth at 5-cent.us wrote:
>>>>>>>>
>>>>>>>> Got a server that's throwing a ton of avc granted, all
>>>>>>>> related to Matlab. I saw something via google from '06, for a
>>>>>>>> java thing - is there something I can use to shut this up?
>>>>>>>>
>>>>>>>> CentOS 5.9, current.
>>>> <snip>
>>>>> One hack to fix this would be to turn the boolean off and then
>>>>> write a custom policy module to allow unconfined_t execheap.
>>>>>
>>>>> policy_module(myunconfined, 1.0) gen_require(` type unconfined_t;
>>>>> ') allow unconfined_t self:process execheap;
>>>>
> What a *pain*. As I said, I'm on CentOS 5.9, and rpm -qa | grep
> selinux-policy\* selinux-policy-2.4.6-327.el5
> selinux-policy-targeted-2.4.6-327.el5
>
> audit2allow doesn't seem to have a debug switch, and I've tried exactly
> what you wrote, as well as the one I posted, and checkmodule chokes on
> everything.
>
> mark
>
How does it choke?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFTCeMACgkQrlYvE4MpobMZLACgnz/rNQfR0izn3febBWYEePu0
D18AoJ3EKXETIB27xk8731k2EjCd5rPK
=/IyU
-----END PGP SIGNATURE-----
More information about the selinux
mailing list