Policy bug or not: httpd and tetex

m.roth at 5-cent.us m.roth at 5-cent.us
Thu Mar 6 19:36:53 UTC 2014


Maciej Lasyk wrote:
> On Thu, Mar 06, 2014 at 01:16:17PM -0500, m.roth at 5-cent.us wrote:
>> Maciej Lasyk wrote:
>> > On Thu, Mar 06, 2014 at 11:44:27AM -0500, m.roth at 5-cent.us wrote:
>> >> Maciej Lasyk wrote:
>> >> > On Wed, Mar 05, 2014 at 11:51:42AM -0500, m.roth at 5-cent.us wrote:
>> >> >> Maciej Lasyk wrote:
>> >> >> > On Wed, Mar 05, 2014 at 10:33:22AM -0500, m.roth at 5-cent.us wrote:
>> >> >> >> Maciej Lasyk wrote:
>> >> >> >> > On Wed, Mar 05, 2014 at 09:44:17AM -0500, m.roth at 5-cent.us wrote:
>> >> >> >> >>
>> >> >> >> >> I got a denial (we're in permissive mode), which boils down to
>> >> >> >> >> what I expect is some project's CGI (or whatever) using tetex.
>> >> >> >> >> The denial was complaining about /usr/bin/pdftex accessing
>> >> >> >> >> /var/lib/texmf, and their fcontexts are all correct. So: is
>> >> >> >> >> this a policy bug,
>> <snip>
>> > Oh lol my apology; it was to be:
>> >
>> > sesearch -T -s httpd_sys_script_t -t tetex_data_t -c process -C
>> >
>> > Also:
>> >
>> > sesearch -T -s tetex_data_t
>> >
>>
>> Right. Thanks - those didn't sit there contemplating their navel for a
>> while, either. Both returned nothing at all. I also note, via
>> getsebool -a | grep -i tex that there's no tex-related boolean.
>>
>
> Ok so it looks like no policy for this transform. You could yet ask this
> question again on the group to get second confirmation as I can be
> wrong :)
>

Oh, *crap*, I forgot the stupid configuration of the selinux mailing list,
where if I don't reply all, it *only* goes to the poster....

         mark
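
Added example, not part of the thread or of any SELinux project code: one way to turn an AVC denial like the one discussed into the allow-rule lookup (`sesearch -A`) for the same source type, target type, class and permissions. The thread does not quote the actual audit record, so the sample line below is constructed and its permissions, pid and inode are assumptions; the two type names are the ones used in the quoted `sesearch` commands.

```python
import re
import shlex

# Constructed sample record (assumption): not copied from the thread.
SAMPLE_AVC = (
    'type=AVC msg=audit(1394040000.000:101): avc:  denied  { read search } for  '
    'pid=4242 comm="pdftex" name="texmf" dev=dm-0 ino=131 '
    'scontext=system_u:system_r:httpd_sys_script_t:s0 '
    'tcontext=system_u:object_r:tetex_data_t:s0 tclass=dir'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(context):
    """A context is user:role:type[:level]; return the type or None if malformed."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    fields['perms'] = m.group('perms').split()
    fields['stype'] = context_type(fields['scontext'])
    fields['ttype'] = context_type(fields['tcontext'])
    if not (fields['stype'] and fields['ttype'] and fields['perms']):
        return None
    return fields


def allow_query(avc):
    """Build the sesearch command that lists allow rules matching the denial."""
    args = ['sesearch', '-A', '-s', avc['stype'], '-t', avc['ttype'],
            '-c', avc['tclass'], '-p', ','.join(avc['perms'])]
    return ' '.join(shlex.quote(a) for a in args)


if __name__ == '__main__':
    print(allow_query(parse_avc(SAMPLE_AVC)))
```

If the generated query returns nothing on the loaded policy, no allow rule covers the access and the denial is expected from that policy.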


