Valdis.Kletnieks(a)vt.edu wrote:
On Wed, 28 Sep 2005 11:18:33 EDT, Daniel J Walsh said:
>You need to add getattr and ioctl to your tty. I am adding it to Policy.
>
>You could add
>
>allow httpd_t tty_device_t:chr_file { getattr ioctl };
>
>to local.te
>
>
Umm... you're not adding it to the shipping policy, are you? Is there any
*real* usage (as opposed to simulating a hack-in) that httpd_t needs those
two added?
These are only used when httpd_tty_comm is set, It is off by default.
httpd_tty_comm is only required if you
are using public keys that require a password to unlock. So when apache
starts it prompts the admin for a password
to unlock its certificates.
--