[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Error in update policy-sources-1.11.2-21



On Sun, 02 May 2004 18:30:58 -0400, Richard Hally <rhally mindspring com> wrote:

Efthym wrote:

Here's my acct.te
 #DESC Acct - BSD process accounting
#
# Author:  Russell Coker <russell coker com au>
# X-Debian-Packages: acct
#
 #################################
#
# Rules for the acct_t domain.
#
# acct_exec_t is the type of the acct executable.
#
daemon_base_domain(acct)
ifdef(`crond.te', `
system_crond_entry(acct_exec_t, acct_t)
 # for monthly cron job
file_type_auto_trans(acct_t, var_log_t, wtmp_t, file)
')
 # for SSP
allow acct_t urandom_device_t:chr_file read;
 allow acct_t logrotate_exec_t:file getattr;
r_dir_file(logrotate_t, acct_data_t)
 type acct_data_t, file_type, sysadmfile;
 allow acct_t self:capability sys_pacct;
 # gzip needs chown capability for some reason
allow acct_t self:capability chown;
 allow acct_t var_t:dir { getattr search };
rw_dir_create_file(acct_t, acct_data_t)
 can_exec(acct_t, { shell_exec_t bin_t initrc_exec_t acct_exec_t })
allow acct_t { bin_t sbin_t }:dir search;
allow acct_t bin_t:lnk_file read;
 read_locale(acct_t)
 allow acct_t self:capability fsetid;
allow acct_t fs_t:filesystem getattr;
 allow acct_t self:unix_stream_socket create_socket_perms;
 allow acct_t self:fifo_file { read write getattr };
 allow acct_t proc_t:file { read getattr };
 allow acct_t { sysctl_kernel_t sysctl_t }:dir search;
allow acct_t sysctl_kernel_t:file read;
 dontaudit acct_t sysadm_home_dir_t:dir { getattr search };
 # for nscd
dontaudit acct_t var_run_t:dir search;
 # not sure why we need this, the command "last" is reported as using it
dontaudit acct_t self:capability kill;
 allow acct_t devtty_t:chr_file { read write };
 allow acct_t { etc_t etc_runtime_t }:file { read getattr };

I ran yum update today which included policy and policy-sources and did not have this problem. If you put acct.te from policy/domains/program directory in a message(it's short) someone can compare it to theirs and see if there is a difference. Another possibility is the macros that are used in that file.
HTH
Richard Hally



Thanx

The acct.te file looks exactly like mine. Have you made changes to the policy sources? Does the problem show up if you run make in the policy directory. consider erasing policy-sources and reinstalling to see if that clears it up.
Sorry I can't be more help.
Richard Hally





I haven't made any changes to the policy. Just to clarify, isn't make the same as running fixfiles ... reload the whole policy ? I'll reinstall and see how it goes.


Thanx for the help

--
Opera 7.50beta1 on FedoraCore2_Test3



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]