FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 06-24-2010, 06:39 PM
"Radha Venkatesh (radvenka)"
 
Default avc: denied { ptrace } messages

During the startup of one of our process, I notice a lot of avc
denial messages for ptrace, as shown below. I have
tried the suggestions by audit2allow, used the various macros for ptrace (also
pasted below), but nothing seems to work. Could you help?

*
type=AVC msg=audit(1277403181.796:261073): avc:* denied* {
ptrace } for* pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL
msg=audit(1277403181.796:261073): arch=40000003 syscall=3 success=yes exit=181
a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313 pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
subj=system_u:system_r:servm_t:s0 key=(null)
type=AVC
msg=audit(1277403181.797:261074): avc:* denied* { ptrace } for*
pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023
tclass=process
type=SYSCALL msg=audit(1277403181.797:261074): arch=40000003
syscall=3 success=yes exit=183 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0
ppid=27313 pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
subj=system_u:system_r:servm_t:s0 key=(null)
type=AVC
msg=audit(1277403181.799:261075): avc:* denied* { ptrace } for*
pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL
msg=audit(1277403181.799:261075): arch=40000003 syscall=3 success=yes exit=187
a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313 pid=27314 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:servm_t:s0
key=(null)
type=AVC msg=audit(1277403181.799:261076): avc:* denied*
{ ptrace } for* pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL
msg=audit(1277403181.799:261076): arch=40000003 syscall=3 success=yes exit=185
a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313 pid=27314 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:servm_t:s0
key=(null)
type=AVC msg=audit(1277403181.800:261077): avc:* denied*
{ ptrace } for* pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
tcontext=root:sysadm_r:sysadm_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL
msg=audit(1277403181.800:261077): arch=40000003 syscall=3 success=yes exit=203
a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313 pid=27314 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:servm_t:s0
key=(null)
type=AVC msg=audit(1277403181.801:261078): avc:* denied*
{ ptrace } for* pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
tcontext=root:system_r:auditd_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL
msg=audit(1277403181.801:261078): arch=40000003 syscall=3 success=yes exit=200
a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313 pid=27314 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:servm_t:s0
key=(null)
type=AVC msg=audit(1277403181.801:261079): avc:* denied*
{ ptrace } for* pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
tcontext=root:system_r:audisp_t:s0-s0:c0.c1023 tclass=process
*
The
audit2allow tools suggests the below
*
allow servm_t audisp_trocess ptrace;
allow
servm_t auditd_trocess ptrace;
allow servm_t crond_trocess
ptrace;
*allow servm_t setrans_trocess ptrace;
allow servm_t
sshd_trocess ptrace;
allow servm_t sysadm_trocess ptrace;
allow
servm_t udev_trocess ptrace;
*
However, when these rules were added, there was no change in the avc
messages. I also tried the macro
*
domain_ptrace_all_domains(servm_t)
*
and
*
allow servm_t
self:capability { sys_ptrace };
*
But
none of this makes a difference to the avc messages
generated.
*
Thanks,
Radha.


*
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 06-24-2010, 06:44 PM
Dominick Grift
 
Default avc: denied { ptrace } messages

On 06/24/2010 08:39 PM, Radha Venkatesh (radvenka) wrote:
> During the startup of one of our process, I notice a lot of avc denial
> messages for ptrace, as shown below. I have tried the suggestions by
> audit2allow, used the various macros for ptrace (also pasted below), but
> nothing seems to work. Could you help?
>
> type=AVC msg=audit(1277403181.796:261073): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.796:261073): arch=40000003 syscall=3
> success=yes exit=181 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.797:261074): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.797:261074): arch=40000003 syscall=3
> success=yes exit=183 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.799:261075): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.799:261075): arch=40000003 syscall=3
> success=yes exit=187 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.799:261076): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.799:261076): arch=40000003 syscall=3
> success=yes exit=185 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.800:261077): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=root:sysadm_r:sysadm_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.800:261077): arch=40000003 syscall=3
> success=yes exit=203 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.801:261078): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=root:system_r:auditd_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.801:261078): arch=40000003 syscall=3
> success=yes exit=200 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.801:261079): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=root:system_r:audisp_t:s0-s0:c0.c1023 tclass=process
>
> The audit2allow tools suggests the below
>
> allow servm_t audisp_trocess ptrace;
> allow servm_t auditd_trocess ptrace;
> allow servm_t crond_trocess ptrace;
> allow servm_t setrans_trocess ptrace;
> allow servm_t sshd_trocess ptrace;
> allow servm_t sysadm_trocess ptrace;
> allow servm_t udev_trocess ptrace;
>
> However, when these rules were added, there was no change in the avc
> messages. I also tried the macro
>
> domain_ptrace_all_domains(servm_t)
>
> and
>
> allow servm_t self:capability { sys_ptrace };
>
> But none of this makes a difference to the avc messages generated.

Looks like a mcs constraint issue. What does audit2why say?

> Thanks,
> Radha.
>
>
>
>
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 06-24-2010, 06:47 PM
Dominick Grift
 
Default avc: denied { ptrace } messages

On 06/24/2010 08:39 PM, Radha Venkatesh (radvenka) wrote:
> During the startup of one of our process, I notice a lot of avc denial
> messages for ptrace, as shown below. I have tried the suggestions by
> audit2allow, used the various macros for ptrace (also pasted below), but
> nothing seems to work. Could you help?
>
> type=AVC msg=audit(1277403181.796:261073): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.796:261073): arch=40000003 syscall=3
> success=yes exit=181 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.797:261074): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.797:261074): arch=40000003 syscall=3
> success=yes exit=183 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.799:261075): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.799:261075): arch=40000003 syscall=3
> success=yes exit=187 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.799:261076): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.799:261076): arch=40000003 syscall=3
> success=yes exit=185 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.800:261077): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=root:sysadm_r:sysadm_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.800:261077): arch=40000003 syscall=3
> success=yes exit=203 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.801:261078): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=root:system_r:auditd_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.801:261078): arch=40000003 syscall=3
> success=yes exit=200 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null)
> type=AVC msg=audit(1277403181.801:261079): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=root:system_r:audisp_t:s0-s0:c0.c1023 tclass=process
>
> The audit2allow tools suggests the below
>
> allow servm_t audisp_trocess ptrace;
> allow servm_t auditd_trocess ptrace;
> allow servm_t crond_trocess ptrace;
> allow servm_t setrans_trocess ptrace;
> allow servm_t sshd_trocess ptrace;
> allow servm_t sysadm_trocess ptrace;
> allow servm_t udev_trocess ptrace;
>
> However, when these rules were added, there was no change in the avc
> messages. I also tried the macro
>
> domain_ptrace_all_domains(servm_t)
>
> and
>
> allow servm_t self:capability { sys_ptrace };
>
> But none of this makes a difference to the avc messages generated.

try these:

domain_ptrace_all_domains(servm_t)
mcs_ptrace_all(servm_t)

> Thanks,
> Radha.
>
>
>
>
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 06-24-2010, 07:15 PM
"Radha Venkatesh (radvenka)"
 
Default avc: denied { ptrace } messages

Thanks, Dominick! That worked!

-----Original Message-----
From: selinux-bounces@lists.fedoraproject.org
[mailto:selinux-bounces@lists.fedoraproject.org] On Behalf Of Dominick
Grift
Sent: Thursday, June 24, 2010 11:48 AM
To: selinux@lists.fedoraproject.org
Subject: Re: avc: denied { ptrace } messages

On 06/24/2010 08:39 PM, Radha Venkatesh (radvenka) wrote:
> During the startup of one of our process, I notice a lot of avc denial

> messages for ptrace, as shown below. I have tried the suggestions by
> audit2allow, used the various macros for ptrace (also pasted below),
> but nothing seems to work. Could you help?
>
> type=AVC msg=audit(1277403181.796:261073): avc: denied { ptrace }
> for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.796:261073): arch=40000003 syscall=3

> success=yes exit=181 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0
> ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null) type=AVC
> msg=audit(1277403181.797:261074): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.797:261074): arch=40000003 syscall=3

> success=yes exit=183 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0
> ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null) type=AVC
> msg=audit(1277403181.799:261075): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.799:261075): arch=40000003 syscall=3

> success=yes exit=187 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0
> ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null) type=AVC
> msg=audit(1277403181.799:261076): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.799:261076): arch=40000003 syscall=3

> success=yes exit=185 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0
> ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null) type=AVC
> msg=audit(1277403181.800:261077): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=root:sysadm_r:sysadm_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.800:261077): arch=40000003 syscall=3

> success=yes exit=203 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0
> ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null) type=AVC
> msg=audit(1277403181.801:261078): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=root:system_r:auditd_t:s0-s0:c0.c1023 tclass=process
> type=SYSCALL msg=audit(1277403181.801:261078): arch=40000003 syscall=3

> success=yes exit=200 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0
> ppid=27313
> pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps"
> subj=system_u:system_r:servm_t:s0 key=(null) type=AVC
> msg=audit(1277403181.801:261079): avc: denied { ptrace } for
> pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0
> tcontext=root:system_r:audisp_t:s0-s0:c0.c1023 tclass=process
>
> The audit2allow tools suggests the below
>
> allow servm_t audisp_trocess ptrace; allow servm_t auditd_trocess
> ptrace; allow servm_t crond_trocess ptrace; allow servm_t
> setrans_trocess ptrace; allow servm_t sshd_trocess ptrace; allow
> servm_t sysadm_trocess ptrace; allow servm_t udev_trocess ptrace;
>
> However, when these rules were added, there was no change in the avc
> messages. I also tried the macro
>
> domain_ptrace_all_domains(servm_t)
>
> and
>
> allow servm_t self:capability { sys_ptrace };
>
> But none of this makes a difference to the avc messages generated.

try these:

domain_ptrace_all_domains(servm_t)
mcs_ptrace_all(servm_t)

> Thanks,
> Radha.
>
>
>
>
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 10:52 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org