Paul Howarth wrote:
Being an old-fashioned sort of guy, I always create a separate partition (well, logical volume these days) for /tmp and various other top-level directories. Hence I have a directory /tmp/lost+found and every day I get an email from cron like this:
Subject: Cron root@goalkeeper run-parts /etc/cron.daily Date: Tue, 27 May 2008 04:17:12 +0100
/etc/cron.daily/tmpwatch:
error: failed to lstat /tmp/lost+found: Permission denied
The following policy fixes this:
policy_module(localmisc, 0.0.1)
require { type tmpreaper_t; }
# Allow tmpwatch to stat /tmp/lost+found files_getattr_lost_found_dirs(tmpreaper_t)
Paul.
That is funny because the policy has
files_dontaudit_getattr_lost_found_dirs(tmpreaper_t)
So in order to get rid of the error, we need to allow it, which seems reasonable.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list