[selinux-policy: 1641/3172] fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:26:57 UTC 2010
commit c31f6724c03195d2121bff416182ca6ed99e0aff
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Nov 28 15:47:47 2006 +0000
fix dontaudit interface that was allowing instead of dontauditing; thanks to karl for pointing this out.
policy/modules/services/apache.if | 2 +-
policy/modules/services/apache.te | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if
index 30bcb42..76f9dfa 100644
--- a/policy/modules/services/apache.if
+++ b/policy/modules/services/apache.if
@@ -753,7 +753,7 @@ interface(`apache_dontaudit_search_modules',`
type httpd_modules_t;
')
- allow $1 httpd_modules_t:dir r_dir_perms;
+ dontaudit $1 httpd_modules_t:dir search_dir_perms;
')
########################################
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index a80fd13..1eae40d 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -1,5 +1,5 @@
-policy_module(apache,1.4.1)
+policy_module(apache,1.4.2)
#
# NOTES:
More information about the scm-commits
mailing list