Yup... SELinux is all double-dutch to me.... :-/
I need to spend the time reading up on it.
What is everyone's assessment of it? Is it a worthwhile addition?
On Tue, 8 Mar 2005 14:31:27 -0600, Craig Gill <cgill27@xxxxxxxxx> wrote:
> I ran audit2allow against my /var/log/messages which shows what needs
> to be added/changed/allowed in selinux, but I'm brand new to selinux
> and not sure which file under /etc/selinux to add or change, can you
> point me in the right direction?
> Here's the output from the audit2allow program:
>
> allow httpd_sys_script_t devlog_t:sock_file write;
> allow httpd_sys_script_t self:process setrlimit;
> allow httpd_sys_script_t self:unix_dgram_socket { connect create };
> allow httpd_sys_script_t syslogd_t:unix_dgram_socket sendto;
> allow httpd_sys_script_t var_spool_t:dir { add_name remove_name search write };
> allow httpd_sys_script_t var_spool_t:fifo_file { getattr write };
> allow httpd_sys_script_t var_spool_t:file { create getattr rename
> setattr write};
>
> Thanks,
> Craig
>
> On Tue, 08 Mar 2005 12:05:02 -0500, Ignacio Vazquez-Abrams
> <ivazquez@xxxxxxxxxxxx> wrote:
> > On Tue, 2005-03-08 at 10:51 -0600, Craig Gill wrote:
> > > Does anybody know how to configure selinux to remain active for
> > > targeted daemons and still allow a php script to use the mail()
> > > function to send email via postfix?
> >
> > Just modify the policies appropriately.
> >
> > http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/
> >
> > --
> > Ignacio Vazquez-Abrams <ivazquez@xxxxxxxxxxxx>
> > http://centos.ivazquez.net/
> >
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxxx
> > http://lists.caosity.org/mailman/listinfo/centos
> >
> >
> >
> >
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxxx
> http://lists.caosity.org/mailman/listinfo/centos
>
