-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12/12/2013 03:26 PM, Peter wrote:
On 12/13/2013 08:20 AM, Daniel J Walsh wrote:
On 12/12/2013 01:49 PM, Peter wrote:
On 12/13/2013 02:45 AM, Daniel J Walsh wrote:
What SELInux issue did you have? What policy did you need to add?
Unfortunately I've misplaced the audit logs and report of the problem, but this is the policy I had to add:
module mypol 1.0;
require { type unconfined_t; type sshd_net_t; type kernel_t; class process { dyntransition transition sigchld }; }
#============= kernel_t ============== allow kernel_t sshd_net_t:process dyntransition; allow kernel_t unconfined_t:process { dyntransition transition };
#============= sshd_net_t ============== allow sshd_net_t kernel_t:process sigchld;
Peter _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I actually do not think you need these, these were all caused by the originally mislabeled system. If you remove your custom policy, I bet it will work fine.
That makes sense. I will try removing them and see how it goes (any pointers on how to remove a policy?).
Peter _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
semodule -r POLICYNAME.
For example if you installed mypol.pp
You would probably remove
semodule -r mypol