Am Montag, den 21.02.2011, 14:37 +0100 schrieb Christoph Maser: > Am Sonntag, den 20.02.2011, 22:47 +0100 schrieb Pavel Kankovsky: > > On Thu, 17 Feb 2011, Christoph Maser wrote: > > > > > Where is that from? > > > > Examine the binary policy with apol or sesearch. > > > > > I took the c5 SRMP and ran rpmbuild -bp, in my BUILD > > > dir i dont see those: > > > /home/cmr/rpmbuild/BUILD/serefpolicy-2.4.6/policy/modules/services: grep > > > initrc nagios* > > > -> nothing > > > > The rules are generated by a M4 macro invoked in nagios.te: > > > > init_daemon_domain(nagios_t, nagios_exec_t) > > > > Thanks for the pointers, I still couldn't find out why its not working. > Actually it doesn't produce any denials in audit.log. If I use the init > script from any other location its just works. > > Chris
Well have to correct myself again. It is generating denials. Actually the policy does not allow general read/write access to the spool dir, wich is where I think the checkresult dir belongs. I guess a workaround would be to put the checkresults dir below /var/log/nagios. If that works I will change the spec accordingly. Thanks again for your support Chris _______________________________________________ users mailing list [email protected] http://lists.rpmforge.net/mailman/listinfo/users
