search for: portmap_t

...21 Policy from config file: targeted I can #setsebool -P httpd_disable_trans on and httpd starts - but there's zero enforcing now as I understand it. Further digging & I get to: # cat /var/log/audit/audit.log | audit2allow -m local module local 1.0; require { type portmap_t; type httpd_t; type file_t; class lnk_file read; class file { getattr read execute }; } #============= httpd_t ============== allow httpd_t file_t:file { read getattr execute }; allow httpd_t file_t:lnk_file read; #============= portmap_t ============== allow p...

...slogd" name="messages" dev=dm-3 ino=38 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file audit(1156518721.757:7): avc: denied { read } for pid=2246 comm="portmap" name="libnsl-2.3.4.so" dev=dm-0 ino=48836 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=file audit(1156518728.009:10): avc: denied { read } for pid=2411 comm="named" name="liblwres.so.1.1.2" dev=dm-0 ino=462795 scontext=user_u:system_r:named_t tcontext=system_u:object_r:file_t tclass=file audit(1156518728.032:13): avc:...

...{ type postfix_etc_t; type home_root_t; type apmd_t; type setrans_t; type port_t; type etc_mail_t; type snmpd_t; type tmp_t; type dovecot_deliver_t; type postfix_smtp_t; type nfs_t; type var_run_t; type usr_t; type httpd_t; type audisp_t; type postfix_cleanup_t; type inetd_t; type portmap_t; type postfix_pickup_t; type hald_t; type getty_t; type avahi_t; type etc_t; type sysctl_kernel_t; type unconfined_t; type init_t; type auditd_t; type lib_t; type dovecot_auth_t; type syslogd_t; type hostname_exec_t; type postfix_smtpd_t; type var_spool_t; type system_dbusd_t; type...

When the latest version of CentOS4.2 boots I get an avc error for portmap. Audit2allow suggests this as a cure: allow portmap_t etc_runtime_t:file read; Any issues that come to mind to anyone regarding adding this to /etc/selinux/targeted/src/policy/domains/misc/local.te and reloading? Regards, Jim P.S. I am a digest subscriber. The favour of a direct reply is requested in addition to any to the list. -- ***...