Re: mrtg selinux denials in default configuration

Daniel J Walsh wrote: >...
> Ok I looked at the bugzilla, looks like mrtg is execing top which is
> reading all process /proc information. Does it need to be able to read
> all this, or can I dontaudit it.

Dan, I really don't know the answer to that - I haven't got around to understanding / configuring mrtg at all. I got the impression from that bug that the poster had a specific configuration that was causing that - and that he would have to create allow rules for it to work, whereas I don't seem to have any configuration for mrtg {except what is provided in the rpm - a crond */5 min run using it's default config /etc/mrtg/mrtg.cfg

A can confirm that commenting the /etc/cron.d/mrtg command stops the denials, but I don't understand why my other F9Beta++ machine doesn't generate the same denials.

As an aside: is there a way to perform an rpm -V to verify the packages v on-disk contexts ? I could do this for mrtg and all it's requirements.

DaveT. -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

• This message: [ Message body ]
• Next message: Antonio Olivares: "selinux denies X, but can get in via permissive mode"
• Previous message: James Morris: "Re: Fedora buildsys and SELinux"
• In reply to: Daniel J Walsh: "Re: mrtg selinux denials in default configuration"
• Next in thread: Daniel J Walsh: "Re: mrtg selinux denials in default configuration"
• Reply: Daniel J Walsh: "Re: mrtg selinux denials in default configuration"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]