I found a bug in Webmin. The author of Webmin is also a SELinux newbie. (this is the first time I have enabled SELinux) He would like me to post and try to find help, from experienced SELinux users. He wrote: > Unfortunately I am a newbie when it comes to selinux too :-( > What I am looking for is a way to selinux that any process can write > to a file. I suspect that the chcon command can do this, but am not > sure how.. Prior to the above, he wrote: > Ok, thanks ... I see the problem. Webmin opens the log file > /var/webmin/miniserv.error and connects STDERR to it, then runs other > commands like iptables, which inherits the STDERR file descriptor. > This is generally a good thing, as any error output from the iptables > command will go to that log file. > > But with selinux enabled, this fails as iptables doesn't have the > security context needed to write to that file. Is there a chcon option > or other command that can allow a file to be written by any process? > If so, I should update Webmin to run that on the error log file. This bug is at the below URL: <https://sourceforge.net/tracker/?func=detail&atid=117457&aid=1781101&group_id=17457> If someone can explain, in simple terms, what needs to be done, that will be greatly appreciated! TIA, Lanny -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
