-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/01/2011 06:10 PM, Bill Chimiak wrote:
> fwknop is a single passphrase authorization system.
> Fairly cool. selinux did not like fwknop out of the box.
> It wanted a new module:
>
> module iptab2log 1.0;
>
> require {
>         type var_log_t;
>         type iptables_t;
>         class file write;
> }
>
> #============= iptables_t ==============
> allow iptables_t var_log_t:file write;

Did you notice any loss of functionality? This may be a leaked file
descriptor, or something may be passing the open file to iptables. You may
be able to dontaudit this:

dontaudit iptables_t var_log_t:file write;

Which file exactly is it trying to write to?

By the way, this is not the optimal list to be posting this to.

> It works now. Was there another way to do this?
> William J. Chimiak
> Laboratory for Telecommunication Sciences
> 8080 Greenmead Drive, College Park, MD 20740
> 301-422-5217
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk2V/t8ACgkQMlxVo39jgT9fUwCdFJjDtXHn1mEneKmP2H9RAk64
+BgAn3SkOt3TuYAAcHr7M1PpGJRZyQYo
=UI5R
-----END PGP SIGNATURE-----
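The reply above asks two things the original poster's module does not answer: which file iptables_t is actually writing to (path, device and inode are in the AVC record when the kernel knows them), and whether the right fix is an allow rule or a dontaudit rule. The script below is an added example, not part of the thread and not fwknop's or the SELinux project's own tooling: it parses AVC denial lines the way audit2allow does, reports the target file per denial, and renders the same module in either allow or dontaudit form. The audit lines embedded in it are constructed for the example; the pid, device, inode and log path are invented, and the helper names (parse_avc, target_files, render_module) are this example's own.

```python
"""Parse SELinux AVC denials and draft a policy module (allow or dontaudit)."""
import re
from collections import defaultdict

# Constructed sample audit log for this example; the pid, path, dev and ino
# values are invented and are not taken from the original thread.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1301696000.123:456): avc:  denied  { write } for  pid=1234 comm="iptables" path="/var/log/fwknop.log" dev=dm-0 ino=12345 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=SYSCALL msg=audit(1301696000.123:456): arch=c000003e syscall=1 success=no exit=-13 comm="iptables"
type=AVC msg=audit(1301696000.456:457): avc:  denied  { write } for  pid=1234 comm="iptables" path="/var/log/fwknop.log" dev=dm-0 ino=12345 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    # A context is user:role:type:level; the type is the third component.
    return {
        "perms": sorted(m.group("perms").split()),
        "stype": fields["scontext"].split(":")[2],
        "ttype": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "comm": fields.get("comm"),
        "path": fields.get("path"),   # present when the kernel knows the path
        "dev": fields.get("dev"),
        "ino": fields.get("ino"),
    }


def parse_audit_log(text):
    """All AVC denials in an audit.log excerpt, in order."""
    return [d for d in (parse_avc(l) for l in text.splitlines()) if d]


def target_files(denials):
    """Answer 'which file is it writing to?': path -> set of (dev, ino)."""
    out = defaultdict(set)
    for d in denials:
        if d["path"]:
            out[d["path"]].add((d["dev"], d["ino"]))
    return dict(out)


def _permset(perms):
    """Single permission bare, several in braces, as checkmodule accepts."""
    perms = sorted(perms)
    return perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"


def render_module(denials, name, version="1.0", rule="dontaudit"):
    """Render a .te module. rule='allow' grants access; 'dontaudit' only silences."""
    if rule not in ("allow", "dontaudit"):
        raise ValueError("rule must be 'allow' or 'dontaudit'")
    rules = defaultdict(set)          # (source type, target type, class) -> perms
    for d in denials:
        rules[(d["stype"], d["ttype"], d["tclass"])].update(d["perms"])
    types = sorted({t for key in rules for t in key[:2]})
    by_class = defaultdict(set)
    for (_, _, cls), perms in rules.items():
        by_class[cls].update(perms)
    lines = [f"module {name} {version};", "", "require {"]
    lines += [f"\ttype {t};" for t in types]
    lines += [f"\tclass {c} {_permset(p)};" for c, p in sorted(by_class.items())]
    lines += ["}", ""]
    for (s, t, c), perms in sorted(rules.items()):
        lines.append(f"{rule} {s} {t}:{c} {_permset(perms)};")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_audit_log(SAMPLE_AUDIT_LOG)
    print("denied writes to:", target_files(found))
    print(render_module(found, "iptab2log", rule="allow"))
    print(render_module(found, "iptab2log", rule="dontaudit"))
```

Both renderings compile with the usual toolchain (checkmodule -M -m -o iptab2log.mod iptab2log.te, then semodule_package -o iptab2log.pp -m iptab2log.mod, then semodule -i iptab2log.pp). The difference matters for the question in the reply: an allow rule makes the write succeed, a dontaudit rule leaves it denied and just stops logging it, which is the right choice only if nothing observable breaks. If a dontaudit rule later hides a denial you need to see, semodule -DB rebuilds the policy with all dontaudit rules disabled so the AVC shows up again.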