On Wed, 8 Nov 2006, Paul Howarth wrote:
> Mark Haney wrote:
> > Nov 8 10:34:26 localhost kernel: audit(1163000066.441:216): avc:
> > denied { sigkill } for pid=28872 comm="bash"
> > scontext=user_u:system_r:unconfined_t:s0
> > tcontext=root:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
> >
> > What I'm trying to kill is a perl script (rsnapshot).
>
> Well that's a curious one. It would be allowed by policy here. Try
> piping that error log entry through /usr/sbin/audit2why at your end.
You are trying to send the signal as root (ie. it is worth double checking
you aren't doing something that ordinary linux would block)?
It may also be worth checking what selinux type you are running - for most
circumstances "targeted" is the right choice - the other options "strict"
and "mls" are probably too paranoid for most purposes.
Michael Young
