Snort and sysadm_devpts

Business DSL User biz7rv0y at verizon.net
Mon Aug 16 18:09:16 UTC 2004


Hi Stephen and all,

> There is an 'enableaudit' target in the policy Makefile that does
> precisely that - see the Fedora SELinux FAQ.  make enableaudit load,
> then make clean load later to revert.

Cool! I clearly need to re-read the FAQ, since it's apparently been updated 
since my last reading <g>. Good work, Karsten!

>> 2. Is there possibly a better policy tweak that would permit Snort to
>> restart okay? I'm not cheerful about giving Snort access to the console.
>
> Update to the latest FC2 kernel and policy.  A change was made to
> SELinux to re-open descriptors that it closes on exec to the null
> device.  This avoids inducing program misbehavior when SELinux closes
> descriptors.

Drat! No can do: The latest kernel includes a bug that restricts my Intel 
e1000 network adapter to about 20 kbps. So, I've been forced to regress to 
the next to latest kernel.

Thanks,


