Yup... SELinux is all double-dutch to me.... :-/ I need to spend the time reading up on it. What is everyone's assessment of it? Is it a worthwhile addition? On Tue, 8 Mar 2005 14:31:27 -0600, Craig Gill <cgill27@xxxxxxxxx> wrote: > I ran audit2allow against my /var/log/messages which shows what needs > to be added/changed/allowed in selinux, but I'm brand new to selinux > and not sure which file under /etc/selinux to add or change, can you > point me in the right direction? > Here's the output from the audit2allow program: > > allow httpd_sys_script_t devlog_t:sock_file write; > allow httpd_sys_script_t self:process setrlimit; > allow httpd_sys_script_t self:unix_dgram_socket { connect create }; > allow httpd_sys_script_t syslogd_t:unix_dgram_socket sendto; > allow httpd_sys_script_t var_spool_t:dir { add_name remove_name search write }; > allow httpd_sys_script_t var_spool_t:fifo_file { getattr write }; > allow httpd_sys_script_t var_spool_t:file { create getattr rename > setattr write}; > > Thanks, > Craig > > On Tue, 08 Mar 2005 12:05:02 -0500, Ignacio Vazquez-Abrams > <ivazquez@xxxxxxxxxxxx> wrote: > > On Tue, 2005-03-08 at 10:51 -0600, Craig Gill wrote: > > > Does anybody know how to configure selinux to remain active for > > > targeted daemons and still allow a php script to use the mail() > > > function to send email via postfix? > > > > Just modify the policies appropriately. > > > > http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/ > > > > -- > > Ignacio Vazquez-Abrams <ivazquez@xxxxxxxxxxxx> > > http://centos.ivazquez.net/ > > > > > > _______________________________________________ > > CentOS mailing list > > CentOS@xxxxxxxxxxx > > http://lists.caosity.org/mailman/listinfo/centos > > > > > > > > > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxxx > http://lists.caosity.org/mailman/listinfo/centos >