Josef Kubin wrote:
> Hello, it needs a new SELinux policy for rkhunter:
> I'm currently working on it ...
> Relational thing is https://bugzilla.redhat.com/show_bug.cgi?id=438576
>
> Josef
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Joseph and I played around with a policy for rkhunter and quickly found it to be too cumbersome to confine. Pretty much needs unconfined_domain to do its thing.

rkhunter package is moving its log files to /var/log and other files to /var/run. We can then make policy for sendmail to dontaudit writes. This is a perfect example of allowing sendmail Read/Write but no Open.

Pedro, you can allow this access by executing

# grep mail /var/log/audit/audit.log | audit2allow -M myrkhunter
# semodule -i myrkhunter.pp
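The read/write-versus-open distinction mentioned in the message can be checked in the audit log before a module built from `grep mail` is loaded. The following is an added example, not part of the original message: it applies the same substring filter and classifies each denial. The log lines, type names and paths are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample audit records (not from the thread or any real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1200000000.101:11): avc:  denied  { read write } for  pid=2101 comm="sendmail" path="/var/log/constructed-a.log" dev=dm-0 ino=1001 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1200000000.102:12): avc:  denied  { write } for  pid=2101 comm="sendmail" path="/var/run/constructed-b.tmp" dev=dm-0 ino=1002 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1200000000.103:13): avc:  denied  { read open } for  pid=2102 comm="sendmail" name="constructed-c.conf" dev=dm-0 ino=1003 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1200000000.104:14): avc:  denied  { getattr } for  pid=2200 comm="crond" path="/var/spool/mail/constructed-d" dev=dm-0 ino=1004 scontext=system_u:system_r:crond_t:s0 tcontext=system_u:object_r:mail_spool_t:s0 tclass=file
type=AVC msg=audit(1200000000.105:15): avc:  denied  { read } for  pid=2300 comm="httpd" name="constructed-e.html" dev=dm-0 ino=1005 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)'
)

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    return {
        "comm": m["comm"],
        "source": m["scon"].split(":")[2],  # type field of user:role:type:level
        "target": m["tcon"].split(":")[2],
        "perms": frozenset(m["perms"].split()),
    }

def classify(rec):
    """Separate use of an already-open descriptor from opening the file."""
    if "open" in rec["perms"]:
        return "opens-file"        # the domain opened the object itself
    if rec["perms"] & {"read", "write", "append"}:
        return "rw-without-open"   # descriptor was handed over, never opened
    return "other"

def review(log_text, needle="mail"):
    """Apply the same substring filter as `grep mail`, then classify each hit."""
    rows = []
    for line in log_text.splitlines():
        rec = parse_avc(line) if needle in line else None
        if rec:
            rows.append((rec["comm"], rec["source"], rec["target"], classify(rec)))
    return rows

if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        print("%-9s %-11s -> %-13s %s" % row)
```

In the sample, the fourth row is a denial from a different domain that the substring match swept in; rows like it would become allow rules in the generated module.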