fedora-selinux August 2010 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: Re: Mlogc problem after aupgrade to F13

Re: Mlogc problem after aupgrade to F13

From: Dominick Grift <domg472_at_nospam>
Date: Sat Aug 14 2010 - 09:48:05 GMT
To: selinux@lists.fedoraproject.org

On 08/14/2010 11:35 AM, Arthur Dent wrote:

>> There are some issues:
>>
>> 1. I would go here:
>> https://lists.sourceforge.net/lists/listinfo/mod-security-users and ask
>> if it is normal that mlogc writes to certificate databases. Its trying
>> to write to files like: cert9.db, key4.db.
>
> I am already subscribed to that list so I'll post a message now...
>>
>> 2. You have a partition mounted that is not labelled properly. It is:
>> /dev/sda6. Where is that mounted?
>
> Hmmm... That's /

Ok it looks like it might want to dump core then:

Add the following to your mymlogc.te to allow mlogc_t to dump core
(manage files in /)

files_manage_root_files(mlogc_t)

>>
>> 3. Looks like mlogc wants to maintain objects in /tmp. However your logs
>> do not display what kind of objects ( e.g. it is incomplete )
>
> Sorry I don't understand what you mean...
>
>>
>> You may have removed log entries that were no duplicates.
>
> OK here are all 12...

Ok it is still not displaying, That is because it is denied access. So i
will for now assume it wants to maintain a file in /tmp:

Add the following to your mymlogc.te file for now:

type mlogc_tmp_t;
files_tmp_file(mlogc_tmp_t)

manage_files_pattern(mlogc_t, mlogc_tmp_t, mlogc_tmp_t)
files_tmp_filetrans(mlogc_t, mlogc_tmp_t, file)

>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux