Re: boot messages

From: Stephen Smalley <sds_at_tislabs.com>
Date: Mon, 3 Dec 2001 09:33:46 -0500 (EST)

On 1 Dec 2001, Justin Smith wrote:

> avc: denied { search } for pid=93 exe=/bin/cat dev=00:08 ino=1
> scontext=system_u:system_r:initrc_t
> tcontext=system_u:object_r:unlabeled_t
> tclass=dir

I provided a possible explanation for these messages in my earlier reply - see http://marc.theaimsgroup.com/?l=selinux&m=100688827827241&w=2.

> avc: denied { mounton } for pid=149 exe=/bin/mount path=/local
> dev=03:0a ino=32705
> scontext=system_u:system_r:mount_t
> tcontext=system_u:object_r:usr_t
> tclass=dir

I'll add this permission to the example policy.

> avc: denied { write } for pid=224 exe=/bin/mv path=/log dev=03:05
> ino=96193
> scontext=system_u:system_r:initrc_t
> tcontext=system_u:object_r:var_log_t
> tclass=dir

<text deleted>

I've seen these messages on RH7.2, and am adding permissions for RH7.2, but I've never seen them on RH7.1. RH7.1 is still our recommended base platform, although we are working on the transition to RH7.2, as I've explained in other postings.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com

Received on Mon 3 Dec 2001 - 09:39:59 EST
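
Added example, not part of the original message and not the example policy's own tooling: a small Python parser that turns AVC denials like the ones quoted above into candidate type-enforcement `allow` rules for review. The function names and the `CONSTRUCTED` record are assumptions made for illustration, and the output is a starting point for a policy author, not the permissions that were actually added to the example policy.

```python
import re
from collections import defaultdict

# Denials from the message above, mail-quoted and with one value wrapped
# across lines (a common mangling the parser has to tolerate).
QUOTED = """\
> avc: denied { search } for pid=93 exe=/bin/cat dev=00:08 ino=1
> scontext=system_u:system_r:initrc_t
> tcontext=system_u:object_r:unlabeled_t
> tclass=dir
> avc: denied { mounton } for pid=149 exe=/bin/mount path=/local
> dev=03:0a ino=
> 32705
> scontext=system_u:system_r:mount_t
> tcontext=system_u:object_r:usr_t
> tclass=dir
> avc: denied { write } for pid=224 exe=/bin/mv path=/log dev=03:05
> ino=96193
> scontext=system_u:system_r:initrc_t
> tcontext=system_u:object_r:var_log_t
> tclass=dir
"""
# Constructed record (not from the message) to show permission merging.
CONSTRUCTED = ("avc: denied { add_name } for pid=224 exe=/bin/mv path=/log "
               "scontext=system_u:system_r:initrc_t "
               "tcontext=system_u:object_r:var_log_t tclass=dir\n")

# The type is the third field of a user:role:type security context.
REC_RE = re.compile(
    r"denied\s+\{(?P<perms>[^}]*)\}.*?scontext=[^:\s]+:[^:\s]+:(?P<stype>[^:\s]+)"
    r".*?tcontext=[^:\s]+:[^:\s]+:(?P<ttype>[^:\s]+).*?tclass=(?P<tclass>\w+)",
    re.DOTALL)

def parse_denials(text):
    """Return (source_type, target_type, tclass, perms) per complete record."""
    unquoted = re.sub(r"^[ \t>]+", "", text, flags=re.MULTILINE)
    rejoined = re.sub(r"=\s+", "=", unquoted)        # repair "ino=\n32705"
    matches = (REC_RE.search(c) for c in rejoined.split("avc:")[1:])
    return [(m["stype"], m["ttype"], m["tclass"], m["perms"].split())
            for m in matches if m]                   # truncated records are skipped

def candidate_rules(text):
    """Merge denials into candidate TE allow rules for human review."""
    merged = defaultdict(set)
    for stype, ttype, tclass, perms in parse_denials(text):
        merged[(stype, ttype, tclass)].update(perms)
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(merged.items())]

if __name__ == "__main__":
    print("\n".join(candidate_rules(QUOTED + CONSTRUCTED)))
```

Each emitted rule only mirrors what was denied; whether to grant it or fix the underlying cause remains a policy decision.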