Snort and sysadm_devpts
Business DSL User
biz7rv0y at verizon.net
Mon Aug 16 18:09:16 UTC 2004
Hi Stephen and all,
> There is an 'enableaudit' target in the policy Makefile that does
> precisely that - see the Fedora SELinux FAQ. make enableaudit load,
> then make clean load later to revert.
Cool! I clearly need to re-read the FAQ, since it's apparently been updated
since my last reading <g>. Good work, Karsten!
>> 2. Is there possibly a better policy tweak that would permit Snort to
>> restart okay? I'm not cheerful about giving Snort access to the console.
>
> Update to the latest FC2 kernel and policy. A change was made to
> SELinux to re-open descriptors that it closes on exec to the null
> device. This avoids inducing program misbehavior when SELinux closes
> descriptors.
Drat! No can do: The latest kernel includes a bug that restricts my Intel
e1000 network adapter to about 20 kbps. So, I've been forced to regress to
the next to latest kernel.
Thanks,
More information about the fedora-selinux-list
mailing list