Re: Permission denied to cgi-script when enforcing selinux on RHEL6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>>>> "DG" == Dominick Grift <dominick.grift@xxxxxxxxx> writes:

DG> You should really see AVC denials when you build the policy.db with
DG> the dontaudit rules removed (semodule -DB)
DG> Maybe you've overlooked them?

I know the original question was about EL6 but I had some issues with
CGI-type stuff outside of a specific cgi-bin directory recently on F16,
and I was quite surprised that completely relevant AVCs were hidden
behind dontaudit rules.  In fact, I had no AVCs at all for that
situation; stuff just failed to work without any indication of why.
semodule -DB made it completely obvious, once you picked out the AVCs
that caused the problem from whatever random other stuff was expected to
happen.

Is there any reasonable explanation for why these AVCs are not shown by
default?

 - J<
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux