Ignacio Vazquez-Abrams wrote:
>On Mon, 2005-03-14 at 11:47 -0500, James B. Byrne wrote:
>
>
>>allow httpd_t var_log_t:file { append read write };
>>allow mailman_cgi_t file_t:dir search;
>>Nuh uh. These permissions are WAY too broad. Log this in the CentOS bug
>>tracker.
>>
>>
Yes, you are right. It allows mailman cgis to search all the directories
with enough permission in the DAC space.
Hmm. A bug in audit2allow? I think it would be enough to allow mailman
to search the mailman related dirs and files.
bye,
Ago
[Centos] CentOS4 SELinux and Mailman
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: [Centos] CentOS4 SELinux and Mailman
- From: ago at lsc.hu (Deim Ágoston)
- Date: Mon Mar 14 17:07:19 2005
- In-reply-to: <1110819615.12199.5.camel@xxxxxxxxxxxxxxxxxxx>
- References: <423579C0.25815.1E7B0DF0@localhost> <1110819615.12199.5.camel@xxxxxxxxxxxxxxxxxxx>
- Follow-Ups:
- [Centos] CentOS4 SELinux and Mailman
- From: Ignacio Vazquez-Abrams
- [Centos] CentOS4 SELinux and Mailman
- References:
- [Centos] CentOS4 SELinux and Mailman
- From: James B. Byrne
- [Centos] CentOS4 SELinux and Mailman
- From: Ignacio Vazquez-Abrams
- [Centos] CentOS4 SELinux and Mailman
- Prev by Date: [Centos] CentOS4 SELinux and Mailman
- Next by Date: [Centos] mimedefang & milter-greylist packages
- Previous by thread: [Centos] CentOS4 SELinux and Mailman
- Next by thread: [Centos] CentOS4 SELinux and Mailman
- Index(es):
 |