-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
David Timms wrote:
Daniel J Walsh wrote:
# semanage user -l # semanage login -l
#assume DJW_REQUESTING_RESULT:
# semanage user -l Labeling MLS/ MLS/ SELinux User Prefix MCS Lvl MCS Range SELinux Roles
root user s0 SystemLow-SystemHigh system_r staff_r unconfined_r sysadm_r staff_u user s0 SystemLow-SystemHigh system_r staff_r sysadm_r sysadm_u user s0 SystemLow-SystemHigh sysadm_r system_u user s0 SystemLow-SystemHigh system_r unconfined_u unconfined s0 SystemLow-SystemHigh system_r unconfined_r user_u user s0 s0 user_r
# semanage login -l Login Name SELinux User MLS/MCS Range
__default__ unconfined_u SystemLow-SystemHigh root unconfined_u SystemLow-SystemHigh system_u system_u SystemLow-SystemHigh
As an aside, I erased mrtg yesterday - mo more mrtg denials. Reinstalled mrtg just now, mrtg denials every five minutes. It is also possible that when originally installed under F8, that I attempted to configure it, but I can't find any evidence of that in /etc ...etc. My other machine doesn't popup the denials with a default install, so I expect there must be some invalid or selinux not configured to match service requirements. === Actually running same -l on another f9beta notebook: # semanage user -l {has the ones above plus:}
Labeling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range SELinux Roles
guest_u guest s0 s0 guest_r xguest_u xguest s0 s0 xguest_r
# semanage login -l {same 3 items, except the selinux user for root is different}. Login Name SELinux User MLS/MCS Range
root root SystemLow-SystemHigh
Given autorelabel doesn't seem to solve it, is it worth {possible} to rpm -e the targeted policy, then reinstall it - or am I barking up the wrong tree ? =====
DaveT.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Ok I looked at the bugzilla, looks like mrtg is execing top which is reading all process /proc information. Does it need to be able to read all this, or can I dontaudit it.