RE: SELinux Blocking Ping

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




I've had something similar work with this sort of extra policy.

$ cat localhttpping.te
##############################################
module localhttpping 1.0.4;

require {
       type httpd_sys_script_t;
       type ping_t;
       type ping_exec_t;
       class process { transition };
}

allow httpd_sys_script_t ping_t:process transition;
domain_auto_trans(httpd_sys_script_t,ping_exec_t,ping_t);
$

This was from a CGI shell script, so if it's coming via PHP it might be in httpd_t rather than httpd_sys_script_t




-- 
Ted Rule

Director, Layer3 Systems Ltd
Layer3 Systems Limited is registered in England.  Company no 3130393
43 Pendle Road, Streatham, London, SW16 6RT

Tel: 020-8769-4484
Mob: 07946-908914
GPG Fingerprint = 9227:3434:b51d:c7a1:eea6:21e2:418a:8997:c104:7566

E: ejtr@xxxxxxxxxxxx
W: http://www.layer3.co.uk/
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux