I found a bug in Webmin. The author of Webmin is also a SELinux
newbie. (this is the first time I have enabled SELinux)
He would like me to post and try to find help, from
experienced SELinux users. He wrote:
Unfortunately I am a newbie when it comes to selinux too :-(
What I am looking for is a way to selinux that any process can write
to a file. I suspect that the chcon command can do this, but am not
Prior to the above, he wrote:
Ok, thanks ... I see the problem. Webmin opens the log file
/var/webmin/miniserv.error and connects STDERR to it, then runs other
commands like iptables, which inherits the STDERR file descriptor.
This is generally a good thing, as any error output from the iptables
command will go to that log file.
But with selinux enabled, this fails as iptables doesn't have the
security context needed to write to that file. Is there a chcon option
or other command that can allow a file to be written by any process?
If so, I should update Webmin to run that on the error log file.
This bug is at the below URL:
If someone can explain, in simple terms, what needs to be done, that
will be greatly appreciated! TIA, Lanny