From: konrad.azzopardi@gmail.com (Konrad Azzopardi)
Date: Sun, 30 Nov 2008 15:31:53 +0100
Subject: [refpolicy] yule
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Dear all,

I am confining a service called 'yule', which is the central server for the file integrity checker SAMHAIN.

Something about the server:

Binary file is at /usr/local/sbin/yule
Startup script is at /etc/rc.d/init.d/yule
Config file: /etc/yulerc
Logfiles /var/log/yule(/.*)?
PID file is at /var/run/yule.pid

It optionally uses mysql and I have put this as a boolean.

I would appreciate it if somebody could review the files and give me some feedback to know if I am on the right track.

I have only one question... When I issue a stop by /etc/init.d/yule stop I get all sorts of avc denials, however the daemon still stops. From the avc denials and also via an strace it is evident that the stop script is somehow doing a search in all proc directory. What is the best thing to do here? Allowing search to all types in /proc or make a dontaudit, and in both cases is there a macro that captures all types inside /proc {don't think so}?

Many thanks for your help

Konrad

-------------- next part --------------
A non-text attachment was scrubbed...
Name: yule.fc
Type: application/octet-stream
Size: 420 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081130/1ac8b70a/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yule.if
Type: application/octet-stream
Size: 1612 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081130/1ac8b70a/attachment-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: yule.te
Type: application/octet-stream
Size: 2342 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20081130/1ac8b70a/attachment-0002.obj