On Sat, 2012-02-18 at 14:51 +0100, Ole Jon Bjørkum wrote: > Hi! > > > I have a problem with SELinux not allowing PHP to list other users' > processes with the "ps" command. > If I disable SELinux with "setenforce 0" it works immediately. > > > Is it possible to allow PHP to do this without disabling SELinux > completely? Yes, something like this would probably allow it: mkdir mytest; cd mytest; echo "policy_module(mytest, 1.0.0) gen_require(` type httpd_t; attribute domain; ') ps_process_pattern(httpd_t, domain)" > mytest.te; make -f /usr/share/selinux/devel/Makefile mytest.pp sudo semodule -i mytest.pp now httpd_t should be able to ps all domains. > > Thanks! > > > Ole Jon > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
