awstats AVC denial
Vadym Chepkov
chepkov at yahoo.com
Sat Feb 7 16:27:55 UTC 2009
well, I suppose it's a feature
I did more sasearch and looked what is allowed:
allow httpd_sys_script_t httpd_sys_script_ra_t : dir { ioctl read write getattr lock add_name search };
allow httpd_sys_script_t httpd_sys_script_ro_t : dir { read getattr search };
allow httpd_sys_script_t httpd_sys_script_rw_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir };
so I have to relabel all files from httpd_sys_content_t to httpd_sys_script_ro_t in Redhat? doesn't make much sense to me
Sincerely yours,
Vadym Chepkov
--- On Sat, 2/7/09, Dominick Grift <domg472 at gmail.com> wrote:
> From: Dominick Grift <domg472 at gmail.com>
> Subject: Re: awstats AVC denial
> To: "Vadym Chepkov" <chepkov at yahoo.com>
> Cc: "Fedora SELinux" <fedora-selinux-list at redhat.com>
> Date: Saturday, February 7, 2009, 11:07 AM
> On Sat, 2009-02-07 at 08:03 -0800, Vadym Chepkov wrote:
>
> > Why?
>
> That confirms that there is not any "tunable"
> policy available and that
> this is a bug in policy.
>
> > Sincerely yours,
> > Vadym Chepkov
> >
More information about the fedora-selinux-list
mailing list