[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: mrtg selinux denials in default configuration
- From: Daniel J Walsh <dwalsh redhat com>
- To: David Timms <dtimms iinet net au>
- Cc: fedora-selinux-list redhat com
- Subject: Re: mrtg selinux denials in default configuration
- Date: Thu, 17 Apr 2008 08:31:43 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Timms wrote:
> Daniel J Walsh wrote:
>> ...
>> Ok I looked at the bugzilla, looks like mrtg is execing top which is
>> reading all process /proc information. Does it need to be able to read
>> all this, or can I dontaudit it.
>
> Dan, I really don't know the answer to that - I haven't got around to
> understanding / configuring mrtg at all. I got the impression from that
> bug that the poster had a specific configuration that was causing that -
> and that he would have to create allow rules for it to work, whereas I
> don't seem to have any configuration for mrtg {except what is provided
> in the rpm - a crond */5 min run using it's default config
> /etc/mrtg/mrtg.cfg
>
> A can confirm that commenting the /etc/cron.d/mrtg command stops the
> denials, but I don't understand why my other F9Beta++ machine doesn't
> generate the same denials.
>
> As an aside: is there a way to perform an rpm -V to verify the packages
> v on-disk contexts ? I could do this for mrtg and all it's requirements.
>
> DaveT.
Not really but you can do a fixfiles -R mrtg restore to read the rpm
database and fix the labels on disk.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkgHQy8ACgkQrlYvE4MpobPPzgCfd81hsUnlz1zSSQnYhXR2r6AY
GF8An3Bmnut5i0iZtNcpcCcS6hvmXgZC
=WwPm
-----END PGP SIGNATURE-----
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]