[DSE-Dev] refpolicy: patch rpc
Václav Ovsík
vaclav.ovsik at i.cz
Mon Feb 25 12:38:30 UTC 2008
Hi,
following denials appears during startup of rpc.statd (nfs-common
service) on Debian Sid:
Feb 22 23:27:45 sid kernel: audit(1203719264.336:3): avc: denied { search } for pid=1482 comm="rpc.statd" name="sbin" dev=sda1 ino=245761 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=dir
Feb 22 23:27:45 sid kernel: audit(1203719264.336:4): avc: denied { execute } for pid=1482 comm="rpc.statd" name="sm-notify" dev=sda1 ino=376910 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
Feb 22 23:27:45 sid kernel: audit(1203719264.336:5): avc: denied { execute_no_trans } for pid=1482 comm="rpc.statd" name="sm-notify" dev=sda1 ino=376910 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
Feb 22 23:27:45 sid kernel: audit(1203719264.336:6): avc: denied { read } for pid=1482 comm="rpc.statd" name="sm-notify" dev=sda1 ino=376910 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
Feb 22 23:27:45 sid kernel: audit(1203719264.724:7): avc: denied { search } for pid=1482 comm="sm-notify" name="fs" dev=proc ino=-268435429 scontext=system_u:system_r:rpcd_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
Added patch is taken from Fedora policy...
Thanks
--
Zito
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rpc.patch
Type: text/x-diff
Size: 568 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/selinux-devel/attachments/20080225/be7a2dc0/attachment.patch
More information about the SELinux-devel
mailing list