I ran audit2allow against my /var/log/messages which shows what needs
to be added/changed/allowed in selinux, but I'm brand new to selinux
and not sure which file under /etc/selinux to add or change, can you
point me in the right direction?
Here's the output from the audit2allow program:
allow httpd_sys_script_t devlog_t:sock_file write;
allow httpd_sys_script_t self:process setrlimit;
allow httpd_sys_script_t self:unix_dgram_socket { connect create };
allow httpd_sys_script_t syslogd_t:unix_dgram_socket sendto;
allow httpd_sys_script_t var_spool_t:dir { add_name remove_name search write };
allow httpd_sys_script_t var_spool_t:fifo_file { getattr write };
allow httpd_sys_script_t var_spool_t:file { create getattr rename
setattr write};
Thanks,
Craig
On Tue, 08 Mar 2005 12:05:02 -0500, Ignacio Vazquez-Abrams
<ivazquez@xxxxxxxxxxxx> wrote:
> On Tue, 2005-03-08 at 10:51 -0600, Craig Gill wrote:
> > Does anybody know how to configure selinux to remain active for
> > targeted daemons and still allow a php script to use the mail()
> > function to send email via postfix?
>
> Just modify the policies appropriately.
>
> http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/
>
> --
> Ignacio Vazquez-Abrams <ivazquez@xxxxxxxxxxxx>
> http://centos.ivazquez.net/
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxxx
> http://lists.caosity.org/mailman/listinfo/centos
>
>
>
>
