Here's the targeted policy. It has some of the httpd errors from the strict policy test. Kernel: 2.6.7-1.448 Selinux-targeted: 1.13.8-1 I relabeled prior to running this test. I'm sorry if any of this are duplicates or have been fixed. ================================================================== audit2allow: allow httpd_t bin_t:dir { getattr }; allow httpd_t httpd_log_t:file { write }; allow httpd_t sbin_t:dir { getattr }; =================================================================== HTTPD 1) name = /sbin or /usr/sbin tclass = dir denied { getattr } exe = /usr/sbin/httpd scontext = system_u:system_r:httpd_t tcontext = system_u:object_r:sbin_t 2) name = /bin or /usr/bin or /usr/X11R6/bin tclass = dir denied { getattr } exe = /usr/sbin/httpd scontext = system_u:system_r:httpd_t tcontext = system_u:object_r:bin_t 3) name = jk2.shm tclass = file denied { write } exe = /usr/sbin/httpd scontext = system_u:system_r:httpd_t tcontext = system_u:object_r:httpd_log_t
Attachment:
signature.asc
Description: This is a digitally signed message part