Rodrigo Damazio wrote:
I've made the dontaudit changes you suggested and everything seems to still work. However, I'm still having problems with apache - I use too many PHP functions which do various things such as executing external programs, opening sockets, connecting to postgres, etc. that generate avc denied errors. I tried, thus, to remove apache.te from domains/program, just to find out that mailman depended on it - it gives me an error about mailman_cgi_exec_t (which, indeed, is only defined if apache.te is defined, but it appears in the mailman.fc file without an ifdef) - adding an ifdef made it all work perfectly. I wonder if there's a way to use SELinux with apache without limiting PHP functions.
Rodrigo
Not really; that is what the httpd_unified boolean was for, to make apache work with most common environments. I would like to see the AVC messages you are getting on these though. Apache should be able to communicate with postgres using the latest policy. Are you running NIS on this machine?
Dan