Are you using a system with auditd? Check /var/log/audit/audit.log

-Eric

On Tue, 2005-09-27 at 15:31 +0200, pedro esteban wrote:
> > Ok here is how I have simulated what you are trying to do.
> >
> > cp /bin/sh /var/www/httpdsh
> > chcon -t httpd_exec_t /var/www/httpdsh
> >
> > Add the following lines to
> > /etc/selinux/targeted/src/policy/domains/misc/local.te
> >
> >
> > domain_auto_trans(unconfined_t,httpd_exec_t, httpd_t)
> > allow httpd_t devpts_t:chr_file rw_file_perms;
> >
> > cd /etc/selinux/targeted/src/policy/
> > make load
> > setsebool httpd_tty_comm=1
> >
> > Then run
> > /var/www/httpdsh
> > as root.
> >
> > /var/www/httpdsh
> > httpdsh: /root/.bashrc: Permission denied
> > # id
> > uid=0(root) gid=0(root)
> > groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
> > context=root:system_r:httpd_t:s0-s0:c0.c127
> > # cat /etc/shadow
> > cat: /etc/shadow: Permission denied
> > # cat /var/log/messages
> > cat: /var/log/messages: Permission denied
>
> ok, finally I have obtained it works! thanks
> But still I have a problem, when I do a non-allowed operation I can
> not see the avc denied message in the /var/log/messages. I have
> tried to solve it compiling with the option "make enableaudit" and
> also doing the operation in permissive mode, but still doesn't work.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
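Added example, not part of the original thread: a shell function that summarises AVC denials for one source domain, so the same check can be run against /var/log/audit/audit.log (auditd running) or /var/log/messages (kernel log). The function names `avc_denials` and `avc_sample` are hypothetical, and the sample records are constructed to follow the usual AVC record layout.

```shell
#!/bin/sh
# avc_sample: constructed AVC records (not real logs). The first four use the
# auditd layout, the last one the syslog layout seen when auditd is not running.
avc_sample() {
cat <<'EOF'
type=AVC msg=audit(1127828460.101:31): avc:  denied  { read } for  pid=2301 comm="cat" name="shadow" dev=dm-0 ino=98311 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1127828465.220:32): avc:  denied  { read } for  pid=2302 comm="cat" name="shadow" dev=dm-0 ino=98311 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1127828471.542:33): avc:  denied  { read } for  pid=2303 comm="cat" name="messages" dev=dm-0 ino=65542 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1127828480.007:34): avc:  denied  { write } for  pid=1980 comm="named" name="named.pid" dev=dm-0 ino=70001 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
Sep 27 15:41:12 localhost kernel: audit(1127828472.610:35): avc:  denied  { getattr } for  pid=2304 comm="ls" path="/var/log" dev=dm-0 ino=65540 scontext=root:system_r:httpd_t:s0-s0:c0.c127 tcontext=system_u:object_r:var_log_t:s0 tclass=dir
EOF
}

# avc_denials DOMAIN [FILE...]
# Prints "count permissions tclass tcontext" for every distinct denial whose
# source context has type DOMAIN. Reads stdin when no FILE is given.
avc_denials() {
    domain=$1; shift
    awk -v dom="$domain" '
        /avc:[ ]+denied/ {
            perm = ""; scon = ""; tcon = ""; tcls = ""
            # Denied permissions sit between braces: { read write }
            if (match($0, /[{][^}]*[}]/)) {
                perm = substr($0, RSTART + 1, RLENGTH - 2)
                gsub(/^ +| +$/, "", perm)
                gsub(/ +/, ",", perm)
            }
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^scontext=/) scon = substr($i, 10)
                else if ($i ~ /^tcontext=/) tcon = substr($i, 10)
                else if ($i ~ /^tclass=/) tcls = substr($i, 8)
            }
            # A context is user:role:type[:level]; compare the type field only.
            split(scon, s, ":")
            if (s[3] == dom) count[perm " " tcls " " tcon]++
        }
        END { for (k in count) print count[k], k }
    ' "$@" | sort
}

# On a live system: avc_denials httpd_t /var/log/audit/audit.log /var/log/messages
avc_sample | avc_denials httpd_t
```

If the summary is empty for both files even in permissive mode, the denial is not being logged at all, which is the situation the "make enableaudit" rebuild mentioned in the thread is meant to address.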