CentOS 6.4 (probably not the current kernel)
selinux-policy, selinux-policy-targeted 3.7.19-155.el6_3.14

And we're running SiteMinder from CA (and have *zero* control over that, don't get me started)

    unconfined_u:system_r:httpd_t:s0 apache <...> LLAWP /etc/httpd/conf/WebAgent.conf -APACHE22
    apache root unconfined_u:object_r:httpd_log_t:s0 /var/log/httpd/agent.log

So, why would I get AVCs, and running them through audit2allow gives me:

    #============= httpd_t ==============
    allow httpd_t httpd_log_t:file write;

Why on earth can't something running as httpd_t write to a logfile of httpd_log_t in /var/log/httpd/?

And then there's this...

    #============= setroubleshootd_t ==============
    allow setroubleshootd_t httpd_sys_script_t:dir read;
    allow setroubleshootd_t httpd_sys_script_t:file getattr;

Shouldn't setroubleshootd have rights?

    mark