[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [policy-1.9-11] ssh-agent takes all the CPU in enforcing mode.

From: Aleksey Nogin <aleksey nogin org>
To: russell coker com au, "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Cc:
Subject: Re: [policy-1.9-11] ssh-agent takes all the CPU in enforcing mode.
Date: Wed, 24 Mar 2004 13:31:18 -0800

On 24.03.2004 04:54, Russell Coker wrote:

On Wed, 24 Mar 2004 21:50, Aleksey Nogin <aleksey nogin org> wrote:
What I see in the logs is
audit(1080124752.283:0): avc:  denied  { write } for  pid=2885
exe=/usr/bin/ssh-agent path=/home/aleksey/.xsession-errors dev=hda2
ino=310712 scontext=aleksey:staff_r:staff_ssh_agent_t
tcontext=aleksey:object_r:staff_home_t tclass=file
Try using the attached ssh_agent_macros.te.

I added the following two lines to my ssh_agent_macros.te and the problem went away, thanks!

allow $1_ssh_agent_t { home_root_t $1_home_dir_t }:dir search;
allow $1_ssh_agent_t $1_home_t:file { getattr write append };


--
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin cs caltech edu (office), aleksey nogin org (personal)
Office: Jorgensen 70, tel: (626) 395-2907

References:
- [policy-1.9-11] ssh-agent takes all the CPU in enforcing mode.
  - From: Aleksey Nogin
- Re: [policy-1.9-11] ssh-agent takes all the CPU in enforcing mode.
  - From: Russell Coker

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]