Re: no avc denial for httpd_tty_comm checks ???

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 09 Sep 2006 03:57:14 -0700, Steve G wrote:

> 
>>That's fine, but the first thing I checked was "aureport --failed -a" 
>>and it was silent about anything failing...
> 
> What aureport considers a failure is syscalls that fail. For example, if
> you have your system in permissive mode, the syscall associated with any
> avcs would actually suceed. If you taked the --failed flag away, do you
> see the expected avc being reported?

sorry, looks the same.

I double checked i am in enforcing and targeted policy mode and just tried
again and still nothing.  I can basically "setsebool httpd_tty_comm 0" and
get this error in apache ssl_error_log:

[Sat Sep 09 15:34:52 2006] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
[Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218734605
error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

and nothing in "aureport -a", then "setsebool httpd_tty_comm 1" and apache
will prompt accordingly and startup.

zing

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux