selinux vbetool error
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 10 17:21:16 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/10/2011 12:18 PM, Alex wrote:
> Hi,
>
>>> is this a problem with the policy for munin or my system in general?
>>
>> If you have already relabeled (and it sounds like you have) then yes, it
>> would be a bug with selinux-policy.
>>
>> You can always generate a policy to workaround the issue with:
>>
>> $ audit2allow -M mypolicy
>> [paste AVC message here]
>> CTRL+D
>> # semodule -i mypolicy.pp
>
> In a previous message in this thread, I wrote that I had done just that:
>
> # cat mylog
> type=AVC msg=audit(1299774763.043:2272): avc: denied { getattr } for
> pid=3245 comm="httpd" path="/etc/munin/htpasswd.users" dev=sda1
> ino=3543833 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:munin_etc_t:s0 tclass=file
> type=AVC msg=audit(1299777304.684:2366): avc: denied { write } for
> pid=12066 comm="munin_stats" name="munin_stats-127.0.0.1" dev=sda1
> ino=3676145 scontext=unconfined_u:system_r:munin_t:s0
> tcontext=system_u:object_r:munin_plugin_state_t:s0 tclass=file
>
> # cat mylog | audit2allow -M mypol && semodule -i mypol.pp
> ******************** IMPORTANT ***********************
> To make this policy package active, execute:
>
> semodule -i mypol.pp
>
> And it has no effect..
>
>> I would suggest you collect all the information you can and open a bug
>> report.
>
> Does this still sound like a bug or am I doing something wrong?
>
> Thanks,
> A
We would need to see the new AVC information.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk15CIwACgkQrlYvE4MpobPYnQCgk4nkRdZUs2LmMWwSYuvbBO1j
DDUAoLx0hKmRogoWV1TzEdnjR8mVykG+
=Vy1H
-----END PGP SIGNATURE-----
More information about the users
mailing list