I'm running CentOS 6.2, all updates. selinux-policy 3.7.19-126.el6_2.6. I see /usr/share/selinux/devel/include/admin/mcelog.if: ######################################## ## <summary> ## Execute a domain transition to run mcelog. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed to transition. ## </summary> ## </param> # interface(`mcelog_domtrans',` gen_require(` type mcelog_t, mcelog_exec_t; ')
domtrans_pattern($1, mcelog_exec_t, mcelog_t) ')
Yet, I'm seeing SELinux is preventing /usr/sbin/mcelog from getattr access on the file /var/run/mcelog.pid.
Now, from some googling, it *looks* as though this was fixed already. Am I missing something, or has this bug been reintroduced?
mark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/17/2012 11:43 AM, m.roth@5-cent.us wrote:
I'm running CentOS 6.2, all updates. selinux-policy 3.7.19-126.el6_2.6. I see /usr/share/selinux/devel/include/admin/mcelog.if: ######################################## ## <summary> ## Execute a domain transition to run mcelog. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed to transition. ## </summary> ## </param> # interface(`mcelog_domtrans',` gen_require(` type mcelog_t, mcelog_exec_t; ')
domtrans_pattern($1, mcelog_exec_t, mcelog_t) ')
Yet, I'm seeing SELinux is preventing /usr/sbin/mcelog from getattr access on the file /var/run/mcelog.pid.
Now, from some googling, it *looks* as though this was fixed already. Am I missing something, or has this bug been reintroduced?
mark
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Well i am not sure if it is was fixed in 6.2 policy or 6.3. I provide the current selinux policy prerelease in people.redhat.com/dwalsh/SELinux/RHEL6
On 02/17/2012 09:19 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/17/2012 11:43 AM, m.roth@5-cent.us wrote:
I'm running CentOS 6.2, all updates. selinux-policy 3.7.19-126.el6_2.6. I see /usr/share/selinux/devel/include/admin/mcelog.if: ######################################## ##<summary> ## Execute a domain transition to run mcelog. ##</summary> ##<param name="domain"> ##<summary> ## Domain allowed to transition. ##</summary> ##</param> # interface(`mcelog_domtrans',` gen_require(` type mcelog_t, mcelog_exec_t; ')
domtrans_pattern($1, mcelog_exec_t, mcelog_t) ')
Yet, I'm seeing SELinux is preventing /usr/sbin/mcelog from getattr access on the file /var/run/mcelog.pid.
Now, from some googling, it *looks* as though this was fixed already. Am I missing something, or has this bug been reintroduced?
mark
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Well i am not sure if it is was fixed in 6.2 policy or 6.3. I provide the current selinux policy prerelease in people.redhat.com/dwalsh/SELinux/RHEL6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8+xEsACgkQrlYvE4MpobPJqACeJfF5X0UW4sAeQeeTznTE5jOq uwoAniRES1D+aspYM3oQQrWb4D3dP0Lc =4SV1
-----END PGP SIGNATURE-----
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Please, could you use the latest selinux-policy packages from
people.redhat.com/dwalsh/SELinux/RHEL6
how Dan wrote.
selinux@lists.fedoraproject.org