Re: Request Tracker 3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2005-01-02 at 10:22 -0500, Kanwar Ranbir Sandhu wrote:
> avc:  denied  { search } for  pid=2851 exe=/usr/bin/perl name=postfix
> dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_spool_t tclass=dir
> 
> avc:  denied  { search } for  pid=2851 exe=/usr/bin/perl name=postfix
> dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_spool_t tclass=dir
> 
> avc:  denied  { setrlimit } for  pid=2856 exe=/usr/sbin/sendmail.postfix
> scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t
> tclass=process

I've learned a little more about selinux, and so ran audit2allow on the
denials above to generate the following two policies:

allow httpd_sys_script_t var_spool_t:dir search;
allow httpd_t self:process setrlimit;

I know I can use dontaudit to turn off auditing for these policies
(instead of allowing), but I don't know if that's a good idea, or even
the right approach.

Thanks,

Ranbir
-- 
Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.
www.systemsaligned.com


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux