[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: mrtg selinux denials in default configuration

Daniel J Walsh wrote:
Ok I looked at the bugzilla, looks like mrtg is execing top which is
reading all process /proc information.  Does it need to be able to read
all this, or can I dontaudit it.

Dan, I really don't know the answer to that - I haven't got around to understanding / configuring mrtg at all. I got the impression from that bug that the poster had a specific configuration that was causing that - and that he would have to create allow rules for it to work, whereas I don't seem to have any configuration for mrtg {except what is provided in the rpm - a crond */5 min run using it's default config /etc/mrtg/mrtg.cfg

A can confirm that commenting the /etc/cron.d/mrtg command stops the denials, but I don't understand why my other F9Beta++ machine doesn't generate the same denials.

As an aside: is there a way to perform an rpm -V to verify the packages v on-disk contexts ? I could do this for mrtg and all it's requirements.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]