On 7/19/07, Tom London <selinux gmail com> wrote:
After today's update (targeted/enforcing), I get a bunch of AVCs.
audit.log file attached.
tom
[root localhost ~]# audit2allow -i log
#============= NetworkManager_t ==============
allow NetworkManager_t device_t:sock_file write;
#============= auditd_t ==============
allow auditd_t device_t:sock_file write;
#============= avahi_t ==============
allow avahi_t device_t:sock_file write;
#============= crond_t ==============
allow crond_t device_t:sock_file write;
#============= cupsd_t ==============
allow cupsd_t unlabeled_t:file ioctl;
#============= dhcpc_t ==============
allow dhcpc_t device_t:sock_file write;
#============= entropyd_t ==============
allow entropyd_t device_t:sock_file write;
#============= fsdaemon_t ==============
allow fsdaemon_t device_t:sock_file write;
#============= gpm_t ==============
allow gpm_t device_t:sock_file write;
#============= ntpd_t ==============
allow ntpd_t device_t:sock_file write;
#============= rpcbind_t ==============
allow rpcbind_t self:capability sys_tty_config;
allow rpcbind_t self:udp_socket listen;
#============= sendmail_t ==============
allow sendmail_t device_t:sock_file write;
#============= setroubleshootd_t ==============
allow setroubleshootd_t device_t:sock_file write;
#============= sshd_t ==============
allow sshd_t device_t:sock_file write;
#============= system_chkpwd_t ==============
allow system_chkpwd_t device_t:sock_file write;
#============= system_dbusd_t ==============
allow system_dbusd_t device_t:sock_file write;
#============= xdm_t ==============
allow xdm_t device_t:sock_file write;
--
Tom London
Fixing the labels for /sbin/rsyslogd, /sbin/rklogd, etc. appears to
fix this...
Sorry for being 'quick on the trigger'.
tom