dontaudit! arrr! was Re: no avc denial for httpd_tty_comm checks ???

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 09 Sep 2006 15:44:12 -0400, Zing wrote:

> On Sat, 09 Sep 2006 03:57:14 -0700, Steve G wrote:
> 
> 
>>>That's fine, but the first thing I checked was "aureport --failed -a"
>>>and it was silent about anything failing...
>> 
>> What aureport considers a failure is syscalls that fail. For example, if
>> you have your system in permissive mode, the syscall associated with any
>> avcs would actually suceed. If you taked the --failed flag away, do you
>> see the expected avc being reported?
> 
> sorry, looks the same.
> 
> I double checked i am in enforcing and targeted policy mode and just tried
> again and still nothing.  I can basically "setsebool httpd_tty_comm 0" and
> get this error in apache ssl_error_log:

ah ha... i just found out about the dontaudit rule (devious bugger!)... i
can see the avc denial now if I "semodule -b <path to> enableaudit.pp":

type=AVC msg=audit(1157831739.873:3618): avc:  denied  { read write } for 
pid=19145 comm="httpd" name="1" dev=devpts ino=3
scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:devpts_t:s0
tclass=chr_file

zing

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux