Maciej Lasyk wrote:
On Thu, Mar 06, 2014 at 01:16:17PM -0500, m.roth(a)5-cent.us wrote:
> Maciej Lasyk wrote:
> > On Thu, Mar 06, 2014 at 11:44:27AM -0500, m.roth(a)5-cent.us wrote:
> >> Maciej Lasyk wrote:
> >> > On Wed, Mar 05, 2014 at 11:51:42AM -0500, m.roth(a)5-cent.us wrote:
> >> >> Maciej Lasyk wrote:
> >> >> > On Wed, Mar 05, 2014 at 10:33:22AM -0500, m.roth(a)5-cent.us wrote:
> >> >> >> Maciej Lasyk wrote:
> >> >> >> > On Wed, Mar 05, 2014 at 09:44:17AM -0500, m.roth(a)5-cent.us wrote:
> >> >> >> >>
> >> >> >> >> I got a denial (we're in permissive mode), which boils down to
> >> >> >> >> what I expect is some project's CGI (or whatever) using tetex.
> >> >> >> >> The denial was complaining about /usr/bin/pdftex accessing
> >> >> >> >> /var/lib/texmf, and their fcontexts are all correct. So: is this
> >> >> >> >> a policy bug,
> <snip>
> > Oh lol my apology; it was to be:
> >
> > sesearch -T -s httpd_sys_script_t -t tetex_data_t -c process -C
> >
> > Also:
> >
> > sesearch -T -s tetex_data_t
> >
>
> Right. Thanks - those didn't sit there contemplating their navel for a
> while, either. Both returned nothing at all. I also note, via
> getsebool -a | grep -i tex that there's no tex-related boolean.
>
Ok so it looks like no policy for this transform. You could yet ask this
question again on the group to get a second confirmation as I can be wrong :)
Oh, *crap*, I forgot the stupid configuration of the selinux mailing list,
where if I don't reply all, it *only* goes to the poster....
mark