[CentOS] RHEL 7 Beta is now public
Daniel J Walsh
dwalsh at redhat.com
Fri Dec 13 14:02:47 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/12/2013 03:26 PM, Peter wrote:
> On 12/13/2013 08:20 AM, Daniel J Walsh wrote:
>> On 12/12/2013 01:49 PM, Peter wrote:
>>> On 12/13/2013 02:45 AM, Daniel J Walsh wrote:
>
>>>> What SELInux issue did you have? What policy did you need to add?
>
>>> Unfortunately I've misplaced the audit logs and report of the problem,
>>> but this is the policy I had to add:
>
>>> module mypol 1.0;
>
>>> require { type unconfined_t; type sshd_net_t; type kernel_t; class
>>> process { dyntransition transition sigchld }; }
>
>>> #============= kernel_t ============== allow kernel_t
>>> sshd_net_t:process dyntransition; allow kernel_t unconfined_t:process {
>>> dyntransition transition };
>
>>> #============= sshd_net_t ============== allow sshd_net_t
>>> kernel_t:process sigchld;
>
>
>>> Peter _______________________________________________ CentOS mailing
>>> list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
>
>
>> I actually do not think you need these, these were all caused by the
>> originally mislabeled system. If you remove your custom policy, I bet it
>> will work fine.
>
> That makes sense. I will try removing them and see how it goes (any
> pointers on how to remove a policy?).
>
>
> Peter _______________________________________________ CentOS mailing list
> CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
>
semodule -r POLICYNAME.
For example if you installed mypol.pp
You would probably remove
semodule -r mypol
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlKrE4cACgkQrlYvE4MpobMRgACfedBTbBiaq42L/sixX0MSXRLA
1/UAoKqq+MLqH1FktvcSIG9FRwhESTmn
=Td0a
-----END PGP SIGNATURE-----
More information about the CentOS
mailing list