-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/14/2014 04:45 PM, m.roth(a)5-cent.us wrote:
CentOS 6.5. We've got a script running under apache for users to
d/l
software. Please don't ask my why it needs sudo....
At any rate, sealert tells me "SELinux is preventing /usr/bin/sudo from
write access on the key .", and when I grep sudo /var/log/audit/audit.log
| audit2allow, it shows that it would allow the script self:key write;
What is self:key, and would this be very bad, or can I get away with it for
this one script?
mark
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
It allows a process to write to its own kernel keyring. It is not a big deal
to allow it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlMCM00ACgkQrlYvE4MpobPnBwCeI8i2hFHIuzyezCa9+UIMVgwH
6SQAnjtcuqca7hbMbYaY0hQABiYE8Gvq
=ysBO
-----END PGP SIGNATURE-----