01-16-2008, 05:08 PM
Stephen Smalley

more avc denials

On Wed, 2008-01-16 at 12:05 -0500, Michael Thomas wrote:
> While testing some changes to the cyphesis selinux module in Rawhide, I
> started getting the following denials:
>
> type=AVC msg=audit(1200547499.303:66): avc: denied { write } for
> pid=2722 comm="cyphesis" name="context" dev=selinuxfs ino=5
> scontext=unconfined_u:system_r:cyphesis_t:s0
> tcontext=system_u:object_r:security_t:s0 tclass=file
> type=AVC msg=audit(1200547499.303:67): avc: denied { check_context }
> for pid=2722 comm="cyphesis"
> scontext=unconfined_u:system_r:cyphesis_t:s0
> tcontext=system_u:object_r:security_t:s0 tclass=security
>
> What would cause these?

That suggests that cyphesis is invoking a libselinux function that is
validating a security context (by writing to /selinux/context).

Would be allowed by selinux_validate_context(cyphesis_t), if using
refpolicy interfaces and building via make
-f /usr/share/selinux/devel/Makefile.

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
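
Added example (not part of the original message, and not cyphesis or refpolicy code): a small Python parser that reduces the two quoted denials to the raw allow rules they correspond to, which are the accesses the reply says selinux_validate_context(cyphesis_t) would allow. The function names are hypothetical, and the sample records are the post's own lines rejoined onto one line each, with the target context written as system_u:object_r:security_t:s0.

```python
import re
from collections import defaultdict

# The two denials quoted in the post, rejoined onto one line each.
SAMPLE = """\
type=AVC msg=audit(1200547499.303:66): avc: denied { write } for pid=2722 comm="cyphesis" name="context" dev=selinuxfs ino=5 scontext=unconfined_u:system_r:cyphesis_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file
type=AVC msg=audit(1200547499.303:67): avc: denied { check_context } for pid=2722 comm="cyphesis" scontext=unconfined_u:system_r:cyphesis_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): "
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)"
)

def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"ts": m["ts"], "serial": int(m["serial"]), "perms": m["perms"].split()}
    # key=value pairs; values are either quoted strings or bare tokens
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m["fields"]):
        rec[key] = val.strip('"')
    return rec

def type_of(context):
    """The type is the third field of user:role:type[:mls]."""
    return context.split(":")[2]

def raw_allow_rules(text):
    """Group denials by (source type, target type, class), audit2allow style."""
    grouped = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
            grouped[key].update(rec["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

if __name__ == "__main__":
    print("\n".join(raw_allow_rules(SAMPLE)))
```

Both records carry the same audit timestamp (1200547499.303) with consecutive serials 66 and 67, so they come from the same context-validation attempt against /selinux/context.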