| Hello people, I hope someone can help me with this problem. I have FEDORA CORE 3 with:
- changepassword-0.9.tar.gz When I access "var/www/cgi-bin/changepassword.cgi" program and try to change squid passwords, SELINUX security send to the console some errrors as that: Jul 10 13:48:19 proxy kernel: audit(1152560899.793:2): avc: denied { read } for pid=4004 comm="changepassword." name="shadow" dev=hda2 ino=1166230 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:shadow_t tclass=file Jul 10 13:48:19 proxy kernel: audit(1152560899.793:3): avc: denied { getattr } for pid=4004 comm="changepassword." name="shadow" dev=hda2 ino=1166230 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:shadow_t tclass=file I did ran the selinux command: [root@proxy ~]# audit2allow -i /var/log/messages allow httpd_sys_script_t shadow_t:file { getattr read }; allow httpd_t httpd_sys_script_t:process { noatsecure rlimitinh siginh }; allow httpd_t nscd_var_run_t:dir search; allow snmpd_t selinux_config_t:file { getattr read }; allow snmpd_t self:process execmem; allow squid_t boot_t:dir getattr; allow squid_t home_root_t:dir getattr; allow squid_t nscd_var_run_t:dir search; allow syslogd_t root_t:file read; I add thats security lines to domains/program/apache.te I add that security lines to policy/policy.conf , but anything is working. I was reading some post of other mailing list, and some ones say that I must to change apache.te, , others say that I must to create into misc/local.te and add that lines, but anything can fix my problem. I run again audit2allow -i /var/log/messages and I get same messages. I run " make load" command and "reboot", but i can't get "changepassword application" do change my squid users password across website. Can some help me about that??? |
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
