-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/14/2014 04:45 PM, m.roth@xxxxxxxxx wrote: > CentOS 6.5. We've got a script running under apache for users to d/l > software. Please don't ask my why it needs sudo.... > > At any rate, sealert tells me "SELinux is preventing /usr/bin/sudo from > write access on the key .", and when I grep sudo /var/log/audit/audit.log > | audit2allow, it shows that it would allow the script self:key write; > > What is self:key, and would this be very bad, or can I get away with it for > this one script? > > mark > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > > It allows a process to write to its own kernel keyring. It is not a big deal to allow it. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlMCM00ACgkQrlYvE4MpobPnBwCeI8i2hFHIuzyezCa9+UIMVgwH 6SQAnjtcuqca7hbMbYaY0hQABiYE8Gvq =ysBO -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
