On Mon, 2007-09-03 at 16:07 -0400, William Warren wrote:
> I run selinux in permissive. Once I figure out how to write policy I'll
> put it back on active..<G>
>
> Lanny Marcus wrote:
> > On 01 September 2007, William Warren
> > <hescominsoon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> >> Message: 3
> > <snip>
> >
> >> you can also go with webmin to configure this stuff..<G>
> >
> > If you use Webmin, at this time, it is probably not a good idea to use
> > SELinux with it. I have a very recent thread about this and there is a
> > bug on Webmin. The SELinux folks are aware of it. Below is about
> > SELinux. Lanny
> >
> >> This explanation and description of the problem are fine. We probably
> >> need a custom policy for webmin to allow iptables to write to scripts
> >> running as webmin, since catching stderr is important. There is no
> >> file context that can be set to allow this. As I recall from the
> >> original bug report, iptables was also trying to communicate with
> >> another open file descriptor. This one I believe should be closed on
> >> exec.
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > http://lists.centos.org/mailman/listinfo/centos
> >
>

Using audit2allow you should be able to take the SELinux denied messages
and convert them into a policy. I've done that for syslog-ng in the past.

--
Timothy Selivanow <timothys@xxxxxxxxxxxxxx>
Linux System Administrator
EasyStreet Online Services, Inc.
http://www.easystreet.com
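
The conversion from denial messages to policy rules mentioned in the reply above, shown as an added Python example that is not part of the thread and is not audit2allow's own code. It covers only the core step of merging AVC denials into `allow` rules; the log lines, and the choice of `iptables_t` and `initrc_t` as the domains involved, are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not from the thread or a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1188850021.101:41): avc:  denied  { write } for  pid=2301 comm="iptables" path="pipe:[9001]" dev=pipefs ino=9001 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=fifo_file
type=AVC msg=audit(1188850021.105:42): avc:  denied  { read write } for  pid=2301 comm="iptables" path="socket:[9002]" dev=sockfs ino=9002 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1188850021.105:42): arch=40000003 syscall=11 success=yes exit=0
type=AVC msg=audit(1188850090.300:57): avc:  denied  { getattr } for  pid=2301 comm="iptables" path="pipe:[9001]" dev=pipefs ino=9001 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=fifo_file
type=AVC msg=audit(1188850090.400:58): avc:  granted  { write } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=fifo_file
"""

# Only "denied" AVC records become rules; granted and non-AVC records are skipped.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed SELinux context: {context!r}")
    return parts[2]


def denials_to_rules(log_text):
    """Merge denials by (source type, target type, class) into allow rules."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        merged[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        target = "self" if src == tgt else tgt  # same-type access is written "self"
        names = sorted(perms)
        text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {target}:{cls} {text};")
    return rules


if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_LOG)))
```

Every denial in the input becomes a grant in the output, so the generated rules need to be read before they are loaded: a rule such as the `tcp_socket` one may reflect a leaked descriptor that should be closed on exec rather than allowed.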