On 01/02/2013 11:44 AM, m.roth@5-cent.us wrote:
Has there been some change in policy? I've got a box that's running fc17, updated fully, and it's spitting avc's when motion is creating files and links on an nfs-mounted directory.
Running audit2allow gets me:

    #============= zoneminder_t ==============
    allow zoneminder_t nfs_t:lnk_file create;
I'd rather not install that if something happened, and a bug crept into the current policy....
mark
Seems pretty strange.
    sesearch -C -A -s zoneminder_t -c lnk_file -p create
    Found 3 semantic av rules:
       allow zoneminder_t zoneminder_spool_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;
       allow zoneminder_t zoneminder_tmpfs_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;
    DT allow zoneminder_t public_content_rw_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ; [ zoneminder_anon_write ]
The only place zoneminder is allowed to create content in is zoneminder content or public_content.
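The comparison made in this reply, between the rule audit2allow suggested and what `sesearch -C -A` reports, can be scripted. The following is an added example, not part of the original thread: `parse_rules` and `check_denial` are hypothetical helper names, the sample text is the output quoted above, and the two-letter prefix is read the way `sesearch -C` prints it (first letter E/D for enabled/disabled, second T/F for the branch of the conditional).

```python
import re

# sesearch output quoted in the thread (permission set factored out for width).
PERMS = "{ ioctl read write create getattr setattr lock append unlink link rename }"
SESEARCH_OUTPUT = f"""Found 3 semantic av rules:
   allow zoneminder_t zoneminder_spool_t : lnk_file {PERMS} ;
   allow zoneminder_t zoneminder_tmpfs_t : lnk_file {PERMS} ;
DT allow zoneminder_t public_content_rw_t : lnk_file {PERMS} ; [ zoneminder_anon_write ]
"""
DENIED = "allow zoneminder_t nfs_t:lnk_file create;"  # audit2allow suggestion from the thread

# Matches both the sesearch form ("a b : c { p q } ; [ bool ]") and the
# audit2allow form ("a b:c p;"). The optional prefix is the conditional state.
RULE_RE = re.compile(
    r"^(?P<state>[ED][TF])?\s*allow\s+(?P<src>\S+)\s+(?P<tgt>\S+)\s*:\s*(?P<cls>\S+)\s+"
    r"(?:\{(?P<perms>[^}]*)\}|(?P<perm>\S+))\s*;\s*(?:\[\s*(?P<cond>[^\]]*?)\s*\])?\s*$"
)

def parse_rules(text):
    """Return one dict per allow rule; header and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        state = m["state"]
        rules.append({
            "src": m["src"], "tgt": m["tgt"], "cls": m["cls"],
            "perms": set((m["perms"] or m["perm"]).split()),
            "cond": m["cond"],  # boolean expression, None if unconditional
            "enabled": state is None or state[0] == "E",
        })
    return rules

def check_denial(denied_rule, policy_text):
    """Compare an audit2allow rule with the policy rules sesearch reported."""
    want = parse_rules(denied_rule)[0]
    active, gated = [], {}
    for r in parse_rules(policy_text):
        if (r["src"], r["cls"]) != (want["src"], want["cls"]) or not want["perms"] <= r["perms"]:
            continue
        if r["enabled"]:
            active.append(r["tgt"])      # target types writable right now
        else:
            gated[r["tgt"]] = r["cond"]  # writable only once the boolean is set
    return {"allowed": want["tgt"] in active, "active_targets": active, "boolean_gated": gated}

if __name__ == "__main__":
    print(check_denial(DENIED, SESEARCH_OUTPUT))
```

For the thread's input, `nfs_t` is in neither list, so the denial matches the policy as written rather than a missing rule.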