[DSE-Dev] refpolicy HEAD, Debian, syslogd & setrlimit
Daniel J Walsh
dwalsh at redhat.com
Thu Dec 6 14:49:04 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christopher J. PeBenito wrote:
> On Wed, 2007-12-05 at 15:13 +0100, Václav Ovsík wrote:
>> audit(1196861341.205:26): avc: denied { setrlimit } for pid=2160 comm="cron" scontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
>>
>> There is a content of /etc/pam.d/cron from my Debian Etch:
> [...]
>> # Sets up user limits, please define limits for cron tasks
>> # through /etc/security/limits.conf
>> session required pam_limits.so
>>
>> /etc/security/limits.conf
>>
>> has only comment sections.
>>
>> Can be rlimit allowed or should be solved this in some other way?
>
> I added this in distro_debian for now, so if someone does put limits, it
> will work.
>
Seems reasonable for all distributions.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHWAu/rlYvE4MpobMRAkIFAKCB5ObRXtMutenjo3nW0uWIoGbwMwCeK3O+
CeettI1AWzS9LD/kEsU9fcs=
=WfQm
-----END PGP SIGNATURE-----
More information about the SELinux-devel
mailing list