Error in update policy-sources-1.11.2-21

Richard Hally rhally at mindspring.com
Sun May 2 22:30:58 UTC 2004


Efthym wrote:

> Here's my acct.te
> 
> #DESC Acct - BSD process accounting
> #
> # Author:  Russell Coker <russell at coker.com.au>
> # X-Debian-Packages: acct
> #
> 
> #################################
> #
> # Rules for the acct_t domain.
> #
> # acct_exec_t is the type of the acct executable.
> #
> daemon_base_domain(acct)
> ifdef(`crond.te', `
> system_crond_entry(acct_exec_t, acct_t)
> 
> # for monthly cron job
> file_type_auto_trans(acct_t, var_log_t, wtmp_t, file)
> ')
> 
> # for SSP
> allow acct_t urandom_device_t:chr_file read;
> 
> allow acct_t logrotate_exec_t:file getattr;
> r_dir_file(logrotate_t, acct_data_t)
> 
> type acct_data_t, file_type, sysadmfile;
> 
> allow acct_t self:capability sys_pacct;
> 
> # gzip needs chown capability for some reason
> allow acct_t self:capability chown;
> 
> allow acct_t var_t:dir { getattr search };
> rw_dir_create_file(acct_t, acct_data_t)
> 
> can_exec(acct_t, { shell_exec_t bin_t initrc_exec_t acct_exec_t })
> allow acct_t { bin_t sbin_t }:dir search;
> allow acct_t bin_t:lnk_file read;
> 
> read_locale(acct_t)
> 
> allow acct_t self:capability fsetid;
> allow acct_t fs_t:filesystem getattr;
> 
> allow acct_t self:unix_stream_socket create_socket_perms;
> 
> allow acct_t self:fifo_file { read write getattr };
> 
> allow acct_t proc_t:file { read getattr };
> 
> allow acct_t { sysctl_kernel_t sysctl_t }:dir search;
> allow acct_t sysctl_kernel_t:file read;
> 
> dontaudit acct_t sysadm_home_dir_t:dir { getattr search };
> 
> # for nscd
> dontaudit acct_t var_run_t:dir search;
> 
> # not sure why we need this, the command "last" is reported as using it
> dontaudit acct_t self:capability kill;
> 
> allow acct_t devtty_t:chr_file { read write };
> 
> allow acct_t { etc_t etc_runtime_t }:file { read getattr };
> 
>> I ran yum update today which included policy and policy-sources and 
>> did  not have this problem. If you put acct.te from 
>> policy/domains/program  directory in a message(it's short) someone can 
>> compare it to theirs and  see if  there is a difference. Another 
>> possibility is the macros that  are used in that file.
>> HTH
>> Richard Hally
>>
>>
> 
> Thanx
> 
The acct.te file looks exactly like mine. Have you made changes to the 
policy sources? Does the problem show up if you run make in the policy 
directory. consider erasing policy-sources and reinstalling to see if 
that clears it up.
Sorry I can't be more help.
Richard Hally






More information about the test mailing list