httpd controls ?
Hongwei Li
hongwei at wustl.edu
Wed Mar 30 15:47:41 UTC 2005
>> 2. If it is safe, how do I persuade selinux to let it happen?
>
> Look into use of the audit2allow utility for converting denied
> messages into rules that allow the behavior that was denied. The the
> short of it is:
>
> # cd /etc/selinux/targeted/src
> # audit2allow -d -l -o domains/misc/local.te && make load
>
> Repeat until your script works and then clean up the local.te file's
> formatting (not necessary). The long of it (and a good read) is the
> Red Hat Enterprise Linux 4 SELinux Guide
> (http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/).
> I'd suggest reading that, specifically section II before doing what
> I've suggested here to make sure you have a full understanding of
> what's going on.
>
I have a question about what you suggested. My system is working
normally, but I'd like to know more about audit2allow. My system (fc3,
selinux enforced, targeted) does not have src under /etc/selinux/targeted/
that has only: booleans contexts policy
and I could not find audit2allow, even from the web site you gave above.
Could you provide more information about it? or any links?
Thanks!
Hongwei Li
More information about the selinux
mailing list