-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Josef Kubin wrote:
Hello, it needs a new SELinux policy for rkhunter:
I'm currently working on it ...
Relational thing is
https://bugzilla.redhat.com/show_bug.cgi?id=438576
Josef
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list Joseph and I played
around with a policy for rkhunter and quickly found
it to be too cumbersome to confine. Pretty much needs unconfined_domain
to do its thing. rkhunter package is moving it's log files to /var/log
and other files to /var/run, We can then make policy for sendmail to
dontaudit writes. This is a perfect example of allowing sendmail
Read/Write but no Open.
Pedro, you can allow this access by executing
# grep mail /var/log/audit/audit.log | audit2allow -M myrkhunter
# semodule -i myrkhunter.pp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iEYEARECAAYFAkfud2kACgkQrlYvE4MpobP0NACghVmyJZHkrZXjhZfkU1PvJzTz
EpwAniKVdm6r34QiHcS6sq5OVttSiBwZ
=ee01
-----END PGP SIGNATURE-----