Hi, firstly thanks for all the great work, Fedora 15 is a nice release and SELinux has come a long way since I first had a look at it. I followed Dan's instructions on confining users here: http://danwalsh.livejournal.com/18312.html. Now that I'm a 'guinea pig' should I report these denials here or somewhere else or nowhere?


The following process want read access on ld.so.cache:
setfiles, ssh-keygen, consoletype, systemd-tty-ask-password-agent, avahi-daemon, nm-dhcp-client.action smbd, ip, ip6tables-multi, nmbd

ld.so.cache is quite the desirable file apparently so whats up with this?


Thanks
Michael



--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

On Tue, 2011-06-21 at 12:16 +0800, Michael Milverton wroteig'
> should I report these denials here or somewhere else or nowhere?

Yes enclose them here

> The following process want read access on ld.so.cache:
> setfiles, ssh-keygen, consoletype, systemd-tty-ask-password-agent,
> avahi-daemon, nm-dhcp-client.action smbd, ip, ip6tables-multi, nmbd
>
> ld.so.cache is quite the desirable file apparently so whats up with this?

I dont know until you show me the avc denials and anyting else relevant.

> Thanks
> Michael
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Thanks Dominick,
I ran restorecon on /etc just to make sure so before I bombard you with
audit messages I'll see if it just needed to be relabeled as that may be
all that it was.

On Tue, 2011-06-21 at 09:37 +0200, Dominick Grift wrote:
>
> On Tue, 2011-06-21 at 12:16 +0800, Michael Milverton wroteig'
> > should I report these denials here or somewhere else or nowhere?
>
> Yes enclose them here
>
> > The following process want read access on ld.so.cache:
> > setfiles, ssh-keygen, consoletype, systemd-tty-ask-password-agent,
> > avahi-daemon, nm-dhcp-client.action smbd, ip, ip6tables-multi, nmbd
> >
> > ld.so.cache is quite the desirable file apparently so whats up with this?
>
> I dont know until you show me the avc denials and anyting else relevant.
>
> > Thanks
> > Michael
> > --
> > selinux mailing list
> > selinux@lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

On 06/21/2011 08:53 AM, Michael Milverton wrote:
> Thanks Dominick,
> I ran restorecon on /etc just to make sure so before I bombard you with
> audit messages I'll see if it just needed to be relabeled as that may be
> all that it was.
Let us know if the problem still persists. If yes and you will see AVC
msgs, you can open a new bugzilla.
> On Tue, 2011-06-21 at 09:37 +0200, Dominick Grift wrote:
>> On Tue, 2011-06-21 at 12:16 +0800, Michael Milverton wroteig'
>>> should I report these denials here or somewhere else or nowhere?
>> Yes enclose them here
>>
>>> The following process want read access on ld.so.cache:
>>> setfiles, ssh-keygen, consoletype, systemd-tty-ask-password-agent,
>>> avahi-daemon, nm-dhcp-client.action smbd, ip, ip6tables-multi, nmbd
>>>
>>> ld.so.cache is quite the desirable file apparently so whats up with this?
>> I dont know until you show me the avc denials and anyting else relevant.
>>
>>> Thanks
>>> Michael
>>> --
>>> selinux mailing list
>>> selinux@lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux