From: domg472@gmail.com (Dominick Grift)
Date: Sun, 26 Oct 2008 19:58:59 +0100
Subject: [refpolicy] Help with policy writing
In-Reply-To: <af1a12460810261143t340d51bwad304430a5607451@mail.gmail.com>
References: <af1a12460810261143t340d51bwad304430a5607451@mail.gmail.com>
Message-ID: <1225047539.3435.5.camel@sulphur.notebook.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 2008-10-26 at 19:43 +0100, Konrad Azzopardi wrote:

> 
> Raw Audit Messages
> 
> host=MALTA type=AVC msg=audit(1225045152.583:1290): avc:  denied  {
> execute_no_trans } for  pid=7159 comm="samhain"
> path="/usr/local/sbin/samhain" dev=dm-0 ino=7552222
> scontext=unconfined_u:system_r:samhain_t:s0
> tcontext=system_u:object_r:samhain_exec_t:s0 tclass=file
> 
> host=MALTA type=SYSCALL msg=audit(1225045152.583:1290): arch=40000003
> syscall=11 success=yes exit=0 a0=b8f57000 a1=bfc3cc48 a2=bfc3cfa0
> a3=bfc3cd4c items=0 ppid=7158 pid=7159 auid=500 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="samhain"
> exe="/usr/local/sbin/samhain" subj=unconfined_u:system_r:samhain_t:s0
> key=(null)
samhain_t is trying to execute samhain executable file:

can_exec(samhain_t, samhain_exec_t)

might solve this. refer to this interface call in reference policy. 

> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
-- 
Dominick Grift <domg472@gmail.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081026/c6ce8ed8/attachment.bin