Re: OpenDKIM and SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, May 12, 2014 14:05, Daniel J Walsh wrote:

>> dac_read_search and dac_override are usually bad to add. They typically
>> mean the permission flags on the file in question is two tight for a
>> root process to read/use.
>>
>> Loosing up the group/other permissions would probably allow a root
>> process to read the object without requiring these capabities.

> I just wrote a quick blog on this.
>
> https://danwalsh.livejournal.com/69478.html
>
>

So, to turn on full path reporting I do this:

# echo "-w /etc/shadow -p w" >> /etc/audit/audit.rules
# service auditd restart

My question is: what is the effect that "-w /etc/shadow -p w" has on SELinux
with respect to reporting the full path of file names in AVCs?  In other
words, why does that work?

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux