On Fri, 2005-06-03 at 16:29 +1000, Russell Coker wrote: > On Thursday 02 June 2005 13:25, Florin Andrei <florin@xxxxxxxxxxxxxxx> wrote: > > Any guidelines for changing the SELinux config for a system that's > > controlled over a web interface running in Apache? The interface is > > supposed to do things like: stop/start services, change network > > settings, etc. > > Probably the easiest solution will be to have Apache or the CGI-BIN script in > question running unconfined. True, but I'd like to avoid that. Is there any tutorial that describes how to use the selinux avc: denied messages to "loosen up" the policy? I'd imagine that by exercising the daemon in all ways possible, and keeping an eye on syslog at the same time, I should be able to figure out what needs to be permitted in the policy, right? Should be fairly straightforward once the details are comprehended. Any guidelines/howto/cookbook on the subject? -- Florin Andrei http://florin.myip.org/ -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
