On Thu, 2010-04-08 at 18:10 +0200, Dominick Grift wrote: > Alright lets try and wrap this up. [snipped lots of stuff to wrap things up] Well Dominick, I triggered a Mod-Sec alert nearly 20 minutes ago and so far (touching wood here) there are no reported AVCs! Thank you so much for all the effort you put into this. I realise that this in in addition to your daily workload so I am full of gratitude. Feeling guilty that I have consumed so much of your time rather selfishly, I was wondering if this work could be used by other than just me? Although the ModSecurity-Console is is not from a Fedora RPM, a large part of what we (you) dealt with is the interaction between mod-security and mlogc, which (in my case at least) were installed from Fedora RPMs. I don't know if the package maintainer for that RPM is on this list, but could this policy be applied to that package? Or could some of this find its way into general SEL policy? Anyhow... I guess the only thing remaining (if it all stays quiet) is to remove the "permissive mlogc_t;" directive from mlogc.te and put the system back into Enforcing mode? Thanks again? I'm not even sure what time zone you're in, but if you're ever in London I'll buy you a pint! Cheers! Mark
Attachment:
signature.asc
Description: This is a digitally signed message part
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
