-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John Griffiths wrote:
This is what audit2allow is showing now.
tail -n60 /var/log/messages | audit2allow -m local
module local 1.0;
require {
type unlabeled_t;
type default_t;
type boot_t;
type httpd_t;
type httpd_sys_script_t;
type lost_found_t;
class lnk_file read;
class dir getattr;
class file { read write getattr };
}
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t unlabeled_t:file { read write };
#============= httpd_t ==============
allow httpd_t boot_t:dir getattr;
allow httpd_t default_t:file getattr;
allow httpd_t default_t:lnk_file read;
allow httpd_t lost_found_t:dir getattr;
It is getting worse.
Regards,
John
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list What OS and what
version of policy are you running. You might want to
yum update selinux-policy
default_t looks like you added some directory at / and did not label it
with httpd_sys_content_t?
The getattr can probably be dontaudit since I doubt your app actually
wants to look at these directories.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iD8DBQFG2IK0rlYvE4MpobMRAuIhAJ9owSu6/rwqV2HYt/RCHOll4nl8qgCfQoaT
yVXCjJQYxht6xa/tktGp26I=
=Hc/F
-----END PGP SIGNATURE-----