Re: avc denied from logrotate
- From: Stephen Smalley <sds epoch ncsc mil>
- To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
- Cc: rhallyx mindspring com, Russell Coker <russell coker com au>, Daniel J Walsh <dwalsh redhat com>
- Subject: Re: avc denied from logrotate
- Date: Fri, 26 Mar 2004 08:37:45 -0500
On Fri, 2004-03-26 at 02:39, Richard Hally wrote:
> Here are the avc denied messages from doing a logrotate.
> I get an error message when I try to do the logrotate in enforcing mode. I
> changed to permissive mode, did the logrotate and the resulting messages
> are attached:

With regard to the /etc/init.d/cups condrestart line in
/etc/logrotate.d/cups, should logrotate.te include:

    domain_auto_trans(logrotate_t, initrc_exec_t, initrc_t)

so that the init script runs in the proper domain, and any subsequent
daemon restarts are transitioned to the right domain? That would run
the init script in initrc_t rather than directly in logrotate_t, and
eliminate the need for the various domain_auto_trans(logrotate,
foo_exec_t, foo_t) rules that I see sprinkled about various daemon .te
files, since the usual transition from initrc_t would handle it.
--
Stephen Smalley <sds epoch ncsc mil>
National Security Agency
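
An added illustration of the proposal in the message above, not part of the original post and not code from the Fedora policy: a toy Python model of process type-transition lookup that follows logrotate running an init script, which then starts a daemon. The types `cupsd_exec_t`, `cupsd_t`, `httpd_exec_t`, `httpd_t`, the paths other than `/etc/init.d/cups`, and all file labels are assumptions made for the example.

```python
# Toy model of SELinux process type-transition lookup (added example).
# A rule maps (current domain, type of the executed file) -> new domain.
# Only the transition lookup is modelled; allow rules are not checked.

FILE_LABELS = {  # constructed labels, assumed for this example
    "/etc/init.d/cups": "initrc_exec_t",
    "/etc/init.d/httpd": "initrc_exec_t",
    "/usr/sbin/cupsd": "cupsd_exec_t",
    "/usr/sbin/httpd": "httpd_exec_t",
}

# Transitions from initrc_t that the daemon policies are assumed to define.
BASE_RULES = {
    ("initrc_t", "cupsd_exec_t"): "cupsd_t",
    ("initrc_t", "httpd_exec_t"): "httpd_t",
}

# Approach A: a per-daemon rule from logrotate_t, here only for cups.
PER_DAEMON = {**BASE_RULES, ("logrotate_t", "cupsd_exec_t"): "cupsd_t"}

# Approach B: the single rule proposed in the message,
# domain_auto_trans(logrotate_t, initrc_exec_t, initrc_t).
VIA_INITRC = {**BASE_RULES, ("logrotate_t", "initrc_exec_t"): "initrc_t"}


def exec_chain(start_domain, paths, rules):
    """Return (path, domain) after each exec; no matching rule keeps the domain."""
    domain, trace = start_domain, []
    for path in paths:
        domain = rules.get((domain, FILE_LABELS[path]), domain)
        trace.append((path, domain))
    return trace


CUPS = ["/etc/init.d/cups", "/usr/sbin/cupsd"]
HTTPD = ["/etc/init.d/httpd", "/usr/sbin/httpd"]

if __name__ == "__main__":
    for name, rules in (("per-daemon", PER_DAEMON), ("via initrc_t", VIA_INITRC)):
        for chain in (CUPS, HTTPD):
            print(name, exec_chain("logrotate_t", chain, rules))
```

In this model the per-daemon rule set leaves the init script in `logrotate_t` and covers only the daemon it names, while the single `initrc_exec_t` rule puts the script in `initrc_t` and reuses the existing transitions from there.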