On Sat, 09 Sep 2006 03:57:14 -0700, Steve G wrote: > >>That's fine, but the first thing I checked was "aureport --failed -a" >>and it was silent about anything failing... > > What aureport considers a failure is syscalls that fail. For example, if > you have your system in permissive mode, the syscall associated with any > avcs would actually suceed. If you taked the --failed flag away, do you > see the expected avc being reported? sorry, looks the same. I double checked i am in enforcing and targeted policy mode and just tried again and still nothing. I can basically "setsebool httpd_tty_comm 0" and get this error in apache ssl_error_log: [Sat Sep 09 15:34:52 2006] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?] [Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag [Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag [Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error [Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib and nothing in "aureport -a", then "setsebool httpd_tty_comm 1" and apache will prompt accordingly and startup. zing -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
