Hi.
Just noted a user tried to add .forward by using the forwarding module
in squirrelmail.
Jul 20 00:56:52 spock kernel: audit(1121813812.917:1844): avc: denied
{ setgid } for pid=24466 comm="wfwd" capability=6
scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=capability
httpd log:
/usr/local/sbin/wfwd: Operation not permitted
[root@spock html]# audit2allow -d -l
allow httpd_sys_script_t self:capability setgid;
The tool used is wfwd.
httpd booleans:
httpd_builtin_scripting active
httpd_can_network_connect active
httpd_disable_trans inactive
httpd_enable_cgi active
httpd_enable_homedirs active
httpd_ssi_exec active
httpd_suexec_disable_trans inactive
httpd_tty_comm inactive
httpd_unified active
I wonder what will happen when a user tries to change the password using
the change password plugin...
/Nicke
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
