On Tue, 2005-02-01 at 11:52 -0500, Kanwar Ranbir Sandhu wrote:
On Tue, 2005-01-02 at 10:22 -0500, Kanwar Ranbir Sandhu wrote:
> avc: denied { search } for pid=2851 exe=/usr/bin/perl name=postfix
> dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_spool_t tclass=dir
>
> avc: denied { search } for pid=2851 exe=/usr/bin/perl name=postfix
> dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_spool_t tclass=dir
>
> avc: denied { setrlimit } for pid=2856 exe=/usr/sbin/sendmail.postfix
> scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t
> tclass=process
I've learned a little more about selinux, and so ran audit2allow on the
denials above to generate the following two policies:
allow httpd_sys_script_t var_spool_t:dir search;
allow httpd_t self:process setrlimit;
Does adding those two permissions actually fix the problem?