-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Forrest Taylor wrote:
Running RHEL5.1 with with selinux-policy-strict-2.4.6-106.el5_1.3.
I am building my own policy for FTP and in creating the xferlog,
audit2allow -alR gives this macro:
logging_search_logs(ftpd_t)
The problem is that this macros generates the following type transition:
type_transition ftpd_t var_log_t : file sendmail_log_t;
I think you are wrong here.
interface(`logging_search_logs',`
gen_require(`
type var_log_t;
')
files_search_var($1)
allow $1 var_log_t:dir search_dir_perms;
')
This, of course, is not really what I want, so I dropped the -R
option
to audit2allow and it returns:
allow ftpd_t var_log_t:dir search;
With the next iteration, audit2allow -alR shows:
sendmail_create_log(ftpd_t)
I have no idea where this comes from, I guess I would need to see you
log files.
and audit2allow -la shows:
allow ftpd_t var_log_t:dir write;
Someone really liked sendmail_log_t ;o)
Forrest
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iEYEARECAAYFAkfG+vEACgkQrlYvE4MpobN1VACffeQUQQxs9LswugYoaVN63JNn
ePAAoOsQyxwM431hRZJXxrV285bI3nWI
=LNnL
-----END PGP SIGNATURE-----