|
app causing selinux audit message
The system is fc6 with all upgrades installed. The app os wine running CIAtpw.exe which produces the selinux audit below. How can selinux be upgraded to allow this? The goal is to turn selinux to enforcing.
audit(1169388916.535:19): avc: denied { execmod } for pid=23794 comm="CIAtpw.exe" name="ole32.dll" dev=hda5 ino=6652862 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:mnt_t:s0 tclass=file Thanks - Dan |
There's a few choices to make: you can relabel the filesystem, run fixfiles or audit2allow. Relabelling the filesystem (touch /relabel; reboot) is the most safe but may not work if for instance the mounted partition is not SELinux-capable or mounted(?), running "fixfiles" is kind of destructive (removes files in /tmp and can skew stuff because you run it on a Live host AFAIK) and for audit2allow you need to install the selinux-policy-$POLICYTYPE-sources, run "cat /var/log/messages | audit2allow > /etc/selinux/$POLICYTYPE/src/policy/domains/misc/custom.te then "make -C /etc/selinux/$POLICYTYPE/src/policy load".
More details at http://fedora.redhat.com/docs/selinux-faq/. |
| All times are GMT -5. The time now is 02:34 AM. |