sesearch output

On CentOS 6 I'm trying to get logrotate to work on some web files.  At the
moment they're httpd_sys_content_t and give:

Oct 16 03:43:06 sls kernel: type=1400 audit(1350355386.304:42512): avc:
denied  { read write } for  pid=1275 comm="logrotate" name="dnsview.html"
dev=dm-4 ino=263703 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023
tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file

I wanted to see what did have access to those files, so I used:

# sesearch --allow -t httpd_sys_content_t | less

I thought that would show me all the allow rules with a target of
httpd_sys_content_t, but it seems to show other stuff as well, which
confused me:

   allow logwatch_t file_type : filesystem getattr ;
   allow logwatch_t file_type : file getattr ;
   allow logwatch_t file_type : dir { getattr search open } ;
   allow logwatch_t file_type : lnk_file getattr ;

and so on.  Is that supposed to show up?  Does it mean that logwatch can
search all directories regardless of their context?

Is there a context that would be appropriate for my files or will I need
custom policy if I want to rotate them?



Moray.
"To err is human; to purr, feline."






--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
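
Added example, not part of the original post: a small Python model of how a query on a target type can also return rules written against an attribute that the type carries, applied to the denial quoted above. The rule list and attribute map are constructed (the logwatch_t rules are copied from the output in the post, the httpd_t rule is made up), the model assumes httpd_sys_content_t carries the file_type attribute, and all function names are hypothetical.

```python
import re

# AVC denial from the post, joined onto one line.
AVC = ('avc: denied  { read write } for  pid=1275 comm="logrotate" '
       'name="dnsview.html" dev=dm-4 ino=263703 '
       'scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file')

# Constructed model data (not dumped from a real policy).
# Assumption: httpd_sys_content_t carries the file_type attribute.
ATTRS = {"httpd_sys_content_t": {"file_type"}}
RULES = [  # (source, target, class, permissions)
    ("logwatch_t", "file_type", "filesystem", {"getattr"}),
    ("logwatch_t", "file_type", "file", {"getattr"}),
    ("logwatch_t", "file_type", "dir", {"getattr", "search", "open"}),
    ("logwatch_t", "file_type", "lnk_file", {"getattr"}),
    ("httpd_t", "httpd_sys_content_t", "file", {"getattr", "open", "read"}),  # constructed
]

def parse_avc(line):
    """Pull permissions, source/target types and class out of an AVC denial."""
    m = re.search(r"denied\s+\{\s*([^}]*?)\s*\}.*?scontext=(\S+)\s+"
                  r"tcontext=(\S+)\s+tclass=(\w+)", line)
    if not m:
        raise ValueError("not an AVC denial")
    perms, scon, tcon, tclass = m.groups()
    # A context is user:role:type[:level]; the type is the third field.
    return {"perms": set(perms.split()), "source": scon.split(":")[2],
            "target": tcon.split(":")[2], "tclass": tclass}

def names(t, direct=False):
    """The type itself plus, unless direct, every attribute it carries."""
    return {t} if direct else {t} | ATTRS.get(t, set())

def search_target(ttype, direct=False):
    """Rules whose target names the type or (by default) one of its attributes."""
    return [r for r in RULES if r[1] in names(ttype, direct)]

def missing_perms(d):
    """Denied permissions that no modelled allow rule grants to the source."""
    granted = set()
    for src, tgt, cls, perms in RULES:
        if src in names(d["source"]) and tgt in names(d["target"]) and cls == d["tclass"]:
            granted |= perms
    return d["perms"] - granted

if __name__ == "__main__":
    d = parse_avc(AVC)
    for s, t, c, p in search_target(d["target"]):
        print("allow %s %s : %s { %s };" % (s, t, c, " ".join(sorted(p))))
    print("still denied for", d["source"], sorted(missing_perms(d)))
```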


