Re: awstats AVC denial

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



well, I suppose it's a feature

I did more sasearch and looked what is allowed:

   allow httpd_sys_script_t httpd_sys_script_ra_t : dir { ioctl read write getattr lock add_name search };
   allow httpd_sys_script_t httpd_sys_script_ro_t : dir { read getattr search };
   allow httpd_sys_script_t httpd_sys_script_rw_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir };

so I have to relabel all files from httpd_sys_content_t to httpd_sys_script_ro_t in Redhat? doesn't make much sense to me


Sincerely yours,
  Vadym Chepkov


--- On Sat, 2/7/09, Dominick Grift <domg472@xxxxxxxxx> wrote:

> From: Dominick Grift <domg472@xxxxxxxxx>
> Subject: Re: awstats AVC denial
> To: "Vadym Chepkov" <chepkov@xxxxxxxxx>
> Cc: "Fedora SELinux" <fedora-selinux-list@xxxxxxxxxx>
> Date: Saturday, February 7, 2009, 11:07 AM
> On Sat, 2009-02-07 at 08:03 -0800, Vadym Chepkov wrote:
> 
> > Why?
> 
> That confirms that there is not any "tunable"
> policy available and that
> this is a bug in policy.
> 
> > Sincerely yours,
> >   Vadym Chepkov
> >

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux