John Griffiths wrote:
> This is what audit2allow is showing now.
>
> tail -n60 /var/log/messages | audit2allow -m local
>
> module local 1.0;
>
> require {
>         type unlabeled_t;
>         type default_t;
>         type boot_t;
>         type httpd_t;
>         type httpd_sys_script_t;
>         type lost_found_t;
>         class lnk_file read;
>         class dir getattr;
>         class file { read write getattr };
> }
>
> #============= httpd_sys_script_t ==============
> allow httpd_sys_script_t unlabeled_t:file { read write };
>
> #============= httpd_t ==============
> allow httpd_t boot_t:dir getattr;
> allow httpd_t default_t:file getattr;
> allow httpd_t default_t:lnk_file read;
> allow httpd_t lost_found_t:dir getattr;
>
> It is getting worse.
>
> Regards,
> John
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

What OS and what version of policy are you running?

You might want to yum update selinux-policy.

default_t looks like you added some directory at / and did not label it with httpd_sys_content_t?

The getattr can probably be dontaudit since I doubt your app actually wants to look at these directories.
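One way to triage audit2allow output along the lines of the reply above, as an added example that is not part of the original thread: rules whose target type is `default_t` are set aside as labeling problems to fix on disk, and getattr-only rules become `dontaudit` candidates. Treating `unlabeled_t` the same way as `default_t`, and the function and bucket names, are assumptions of this example.

```python
import re

# Constructed sample: the allow rules from the audit2allow output quoted above.
SAMPLE = """\
allow httpd_sys_script_t unlabeled_t:file { read write };
allow httpd_t boot_t:dir getattr;
allow httpd_t default_t:file getattr;
allow httpd_t default_t:lnk_file read;
allow httpd_t lost_found_t:dir getattr;
"""

# Assumption: target types that point to a missing or wrong file label
# rather than to a gap in policy. default_t is named in the reply;
# unlabeled_t is added here on the same reasoning.
LABEL_PROBLEM_TYPES = {"default_t", "unlabeled_t"}

# allow <source> <target>:<class> <perm>;   or   ... { <perm> <perm> };
RULE_RE = re.compile(
    r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{\s*([^}]*?)\s*\}|(\w+))\s*;"
)

def parse_rules(text):
    """Yield (source, target, tclass, perms) for each allow rule in text."""
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            src, tgt, cls, braced, single = m.groups()
            yield src, tgt, cls, frozenset((braced or single or "").split())

def triage(text):
    """Sort rules into relabel / dontaudit / review buckets."""
    buckets = {"relabel": [], "dontaudit": [], "review": []}
    for src, tgt, cls, perms in parse_rules(text):
        rule = f"{src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        if tgt in LABEL_PROBLEM_TYPES:
            # Fix the file context instead of granting access to a catch-all type.
            buckets["relabel"].append(rule)
        elif perms == {"getattr"}:
            # Stat-only denial: silence it rather than allow it.
            buckets["dontaudit"].append("dontaudit " + rule)
        else:
            buckets["review"].append("allow " + rule)
    return buckets

if __name__ == "__main__":
    for name, rules in triage(SAMPLE).items():
        print(f"[{name}]")
        for r in rules:
            print("  " + r)
```

Rules in the `relabel` bucket are not meant to be loaded; they list the accesses that should stop being denied once the files carry the intended type.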