On Tue, 2005-02-01 at 11:52 -0500, Kanwar Ranbir Sandhu wrote:
> On Tue, 2005-01-02 at 10:22 -0500, Kanwar Ranbir Sandhu wrote:
> > avc: denied { search } for pid=2851 exe=/usr/bin/perl name=postfix
> > dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
> > tcontext=system_u:object_r:var_spool_t tclass=dir
> >
> > avc: denied { search } for pid=2851 exe=/usr/bin/perl name=postfix
> > dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
> > tcontext=system_u:object_r:var_spool_t tclass=dir
> >
> > avc: denied { setrlimit } for pid=2856 exe=/usr/sbin/sendmail.postfix
> > scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t
> > tclass=process
>
> I've learned a little more about selinux, and so ran audit2allow on the
> denials above to generate the following two policies:
>
> allow httpd_sys_script_t var_spool_t:dir search;
> allow httpd_t self:process setrlimit;
Does adding those two permissions actually fix the problem?
