On 01/12/2012 03:48 AM, Daniel J Walsh wrote:
> In Fedora we currently dontaudit this leak.
>
> audit2allow -i /tmp/t
>
>
> #============= httpd_sys_script_t ==============
> #!!!! This avc has a dontaudit rule in the current policy
>
> allow httpd_sys_script_t httpd_t:udp_socket { read write };
Pow. Reasonable answer, and it isn't so hard to run that command -- its
just difficult to understand why its necessary if you don't know
anything about the environment, and mystifying if you know the command
but nothing about what's going on.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Re: SELinux blocking cgi script from "writing to socket (httpd_t)"
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: centos@xxxxxxxxxx
- Subject: Re: SELinux blocking cgi script from "writing to socket (httpd_t)"
- From: 夜神 岩男 <supergiantpotato@xxxxxxxxxxx>
- Date: Thu, 12 Jan 2012 04:50:10 +0900
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <4F0DD983.7060002@redhat.com>
- User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110429 Red Hat/3.1.10-1.el6_0 Thunderbird/3.1.10
- Follow-Ups:
- Re: SELinux blocking cgi script from "writing to socket (httpd_t)"
- From: Daniel J Walsh
- Re: SELinux blocking cgi script from "writing to socket (httpd_t)"
- References:
- SELinux blocking cgi script from "writing to socket (httpd_t)"
- From: Bennett Haselton
- Re: SELinux blocking cgi script from "writing to socket (httpd_t)"
- From: Daniel J Walsh
- SELinux blocking cgi script from "writing to socket (httpd_t)"
- Prev by Date: Re: SELinux and access across 'similar types'
- Next by Date: Re: SELinux blocking cgi script from "writing to socket (httpd_t)"
- Previous by thread: Re: SELinux blocking cgi script from "writing to socket (httpd_t)"
- Next by thread: Re: SELinux blocking cgi script from "writing to socket (httpd_t)"
- Index(es):
 |