FC3 and selinux
Hans Müller
ndof at gmx.li
Wed Mar 9 13:54:27 UTC 2005
> Why is /etc/php.ini a link file?
It is a link file because i have installed then Zend Optimizer.
>> and at step 5 I have entry with the avc: denied messages.
>> This have i found:
>> Mar 9 13:19:00 homer kernel: audit(1110370740.023:0): avc: denied {
>> unlink } for pid=5797
>> exe=/usr/sbin/httpd name=ssl_mutex.5797 dev=hda1 ino=1063633
>> scontext=root:system_r:httpd_t
>> tcontext=root:object_r:httpd_log_t tclass=file
>>
>>
> Is there a way to get these files creates somewhere else? We might need
> to change policy, but allowing httpd the ability to unlink log files
> is not an option. Since this would allow a cracker to cleanup his tracks.
I think no. The logfiles the since FC2 can it be that a have to do something with the logfiles??
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050309/8d440452/attachment-0001.sig>
More information about the fedora-list
mailing list