On 4/19/07, Stefan Held <obi@xxxxxxxxxxxxx> wrote:
Am Donnerstag, den 19.04.2007, 11:17 +0900 schrieb net foss: > Hi all, su - cd ~ cp that one: > type=SYSCALL msg=audit(1176946812.492:244): arch=40000003 syscall=102 > success=no exit=-13 a0=2 a1=bf880060 a2=81109f0 a3=bf88007c items=0 > ppid=15684 pid=15705 auid=500 uid=23 gid=23 euid=0 suid=0 fsuid=0 > egid=23 sgid=23 fsgid=23 tty=(none) comm="squid" exe="/usr/sbin/squid" > subj=user_u:system_r:squid_t:s0 key=(null) into a file named: squid_snmp_audit.log run: audit2allow -M squid_snmp -i squid_snmp_audit.log after that: semodule -i squid_snmp.pp
Thank you very much for you help, Stefan. Everything I had to do with SELinux in CentOS 4.x (enforcing and targeted mode) is only changing the context of web contents. But now several different SELinux problems happen to my CentOS 5 box. One of them is access denied when squid opens snmp_port that I have described in previous mail. Another one is access denied when squirrelmail connects to localhost:imap (cyrus-imapd server here). I think that I can apply your suggested method to solve these problems. I have another question. Must I make these rules again after update the policy package or not (i.e. will the next updates of selinux-policy package overwrite the manually edit rules or not?).
> Any hint to solve the problem is appreciated. Greetings -- Stefan Held VI has only 2 Modes: obi unixkiste org The first one is for beeping all the time, FreeNode: foo_bar the second destroys the text. --------------------------------------------------------------------------- Fedora Ambassador: http://fedoraproject.org/wiki/StefanHeld --------------------------------------------------------------------------- perl -e'map{print pack c,($|++?1:13)+ord,select$,,$,,$,,$|}split//,ESEL.$/' --------------------------------------------------------------------------- GPG-Keyprint = 75C0 F029 CA71 F061 6C07 0640 38F7 E5F9 4EA5 A385 _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
-- NetFOSS netfoss@xxxxxxxxx _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos