dontaudit! arrr! was Re: no avc denial for httpd_tty_comm checks ???
Zing
shishz at hotpop.com
Sat Sep 9 20:10:50 UTC 2006
On Sat, 09 Sep 2006 15:44:12 -0400, Zing wrote:
> On Sat, 09 Sep 2006 03:57:14 -0700, Steve G wrote:
>
>
>>>That's fine, but the first thing I checked was "aureport --failed -a"
>>>and it was silent about anything failing...
>>
>> What aureport considers a failure is syscalls that fail. For example, if
>> you have your system in permissive mode, the syscall associated with any
>> avcs would actually succeed. If you took the --failed flag away, do you
>> see the expected avc being reported?
>
> sorry, looks the same.
>
> I double checked i am in enforcing and targeted policy mode and just tried
> again and still nothing. I can basically "setsebool httpd_tty_comm 0" and
> get this error in apache ssl_error_log:
ah ha... i just found out about the dontaudit rule (devious bugger!)... i
can see the avc denial now if I "semodule -b <path to> enableaudit.pp":
type=AVC msg=audit(1157831739.873:3618): avc: denied { read write } for
pid=19145 comm="httpd" name="1" dev=devpts ino=3
scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:devpts_t:s0
tclass=chr_file
zing
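
The denial quoted in the message above can be turned into a policy query for the dontaudit rule that was hiding it. The following is an added example, not part of the original post: it parses the AVC record (re-joined from its wrapped lines) and builds a `sesearch --dontaudit` command line from its fields. It assumes setools' `sesearch` is installed on the host where the query is run; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# The AVC record from the message above, re-joined from its wrapped lines.
RECORD = (
    'type=AVC msg=audit(1157831739.873:3618): avc: denied { read write } for '
    'pid=19145 comm="httpd" name="1" dev=devpts ino=3 '
    'scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:devpts_t:s0 '
    'tclass=chr_file'
)

AVC_RE = re.compile(
    r'msg=audit\((?P<epoch>\d+)\.\d+:(?P<serial>\d+)\):\s+avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)'
)

def parse_avc(text):
    """Parse one AVC record (line wraps allowed) into a dict of its fields."""
    m = AVC_RE.search(" ".join(text.split()))  # collapse e-mail line wraps
    if not m:
        raise ValueError("not an AVC record")
    # key=value pairs after "for"; values may be double-quoted
    rec = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m["rest"])}
    rec["result"] = m["result"]
    rec["perms"] = m["perms"].split()
    rec["serial"] = int(m["serial"])
    rec["time"] = datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc)
    # An SELinux context is user:role:type[:mls-range]; the type is field 3.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec

def dontaudit_query(rec):
    """Build the sesearch call listing dontaudit rules that cover this denial."""
    return ["sesearch", "--dontaudit",
            "-s", rec["source_type"], "-t", rec["target_type"],
            "-c", rec["tclass"], "-p", ",".join(rec["perms"])]

if __name__ == "__main__":
    rec = parse_avc(RECORD)
    print(rec["time"].isoformat(), rec["comm"], rec["result"], rec["perms"])
    print(" ".join(dontaudit_query(rec)))
```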