Problem with SELinux and glusterfs when trying to allow memprotect/mmap_zero

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ioannis Aslanidis <iaslanidis@flumotion.com>
To: selinux@tycho.nsa.gov
Subject: Problem with SELinux and glusterfs when trying to allow memprotect/mmap_zero
Date: Wed, 27 May 2009 12:06:38 +0200	[thread overview]
Message-ID: <4A1D10AE.7020009@flumotion.com> (raw)


[-- Attachment #1.1: Type: text/plain, Size: 923 bytes --]

Hello,

I am trying to allow the following audit message through, but it says
that there is a violation. Can anyone explain what exactly is going on?

Thank you,

Ioannis

# cat messages.audit
May 27 01:51:13 streamer012 kernel: audit(1243381873.876:60): avc:
denied  { mmap_zero } for  pid=3155 comm="glusterfs2"
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:system_r:mount_t:s0 tclass=memprotect


# cat selinuxglusterfs.te

module selinuxglusterfs 1.0;

require {
	type mount_t;
	class memprotect mmap_zero;
}

#============= mount_t ==============
allow mount_t self:memprotect mmap_zero;


#  semodule -i selinuxglusterfs.pp
libsepol.check_assertion_helper: assertion on line 0 violated by allow
mount_t mount_t:memprotect { mmap_zero };
libsepol.check_assertions: 1 assertion violations occured
libsemanage.semanage_expand_sandbox: Expand module failed
semodule:  Failed!

[-- Attachment #1.2: iaslanidis.vcf --]
[-- Type: text/x-vcard, Size: 513 bytes --]

begin:vcard
fn:Ioannis Aslanidis
n:Aslanidis;Ioannis
org:Flumotion Services S.A.;Infrastructure Department
adr:Edifici Nord Planta 2;;World Trade Center;Barcelona;Barcelona;08039;Spain
email;internet:iaslanidis@flumotion.com
title:System and Network Administrator
tel;work:+34935086359
tel;cell:+34672204575
note;quoted-printable:PGP Key: 0xBEAC0800 (pgp.rediris.es)=0D=0A=
	Key fingerprint =3D 73FE B836 D116 1EF1 D580  C06E 16AF BCC3 BEAC 0800
url:http://www.flumotion.com
version:2.1
end:vcard


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 261 bytes --]

next             reply	other threads:[~2009-05-27 10:07 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-05-27 10:06 Ioannis Aslanidis [this message]
2009-05-27 11:28 ` Problem with SELinux and glusterfs when trying to allow memprotect/mmap_zero Daniel J Walsh
2009-05-28 22:33   ` Eric Paris

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4A1D10AE.7020009@flumotion.com \
    --to=iaslanidis@flumotion.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.