FC3 and selinux

Daniel J Walsh dwalsh at redhat.com
Wed Mar 9 14:39:02 UTC 2005


Hans Müller wrote:

>>Why is /etc/php.ini a link file?
>
>It is a link file because I have installed the Zend Optimizer.
>
Ok I will add the privs to do this.

>
>>>and at step 5 I have an entry with the avc: denied messages.
>>>This is what I found:
>>>Mar  9 13:19:00 homer kernel: audit(1110370740.023:0): avc:  denied  {
>>>unlink } for  pid=5797
>>>exe=/usr/sbin/httpd name=ssl_mutex.5797 dev=hda1 ino=1063633
>>>scontext=root:system_r:httpd_t
>>>tcontext=root:object_r:httpd_log_t tclass=file
>>
>>Is there a way to get these files created somewhere else? We might need
>>to change policy, but allowing httpd the ability to unlink log files
>>is not an option, since this would allow a cracker to clean up his tracks.
>
>I think no. The logfiles, since FC2, can it be that I have to do something with the logfiles??
>
No, the problem is the mutex files.  You could clean those up in the init
scripts, but the problem is that httpd is creating those files in the
/etc/httpd/logs directory, which gives them a file context of httpd_log_t,
which is the same as the log files.  So in order to delete them, httpd needs
the ability to delete httpd_log_t, which would allow it to delete its log files.

-- 
Learn, Network and Experience Open Source.
Red Hat Summit, New Orleans 2005
http://www.redhat.com/promo/summit/
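Turning Dan's point into something a log-triage script can apply: an added example (not from the thread, and not Red Hat policy tooling) that parses an AVC record like the one quoted above and flags denials whose straightforward allow rule would hand a service tamper permissions on a *_log_t type. The first sample line is the thread's record re-joined onto one line; the second sample, the LOG_TAMPER_PERMS set and the "_log_t" suffix heuristic are my assumptions.

```python
import re

# Constructed sample: the AVC record quoted in the thread, re-joined onto one line.
SAMPLE_AVC = (
    "Mar  9 13:19:00 homer kernel: audit(1110370740.023:0): avc:  denied  { unlink } "
    "for  pid=5797 exe=/usr/sbin/httpd name=ssl_mutex.5797 dev=hda1 ino=1063633 "
    "scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t tclass=file"
)
# Constructed contrast case (assumed, not from the thread): a denial on web content, not logs.
SAMPLE_CONTENT = (
    "Mar  9 13:20:00 homer kernel: audit(1110370800.001:0): avc:  denied  { write } "
    "for  pid=5797 exe=/usr/sbin/httpd name=index.html dev=hda1 ino=2 "
    "scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_sys_content_t tclass=file"
)

AVC_RE = re.compile(r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
# Assumption: these permissions on a log-typed file let a service alter or erase its own trail.
LOG_TAMPER_PERMS = {"unlink", "write", "append", "rename", "setattr", "truncate"}

def parse_avc(line):
    """Return the AVC fields as a dict (perms as a set), or None if this is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(re.findall(r"(\w+)=(\S+)", m.group("rest")))
    fields["result"] = m.group("result")
    fields["perms"] = set(m.group("perms").split())
    return fields

def selinux_type(context):
    """A context is user:role:type[:level]; the type is the third field."""
    return context.split(":")[2]

def assess(avc):
    """Decide whether the obvious 'allow' rule for this denial would be a log-tampering grant.

    Dan's point: the mutex file is httpd_log_t only because it was created under
    /etc/httpd/logs, so an allow rule derived from this denial would cover every
    httpd_log_t file, i.e. the real logs. 'relabel' = move or relabel the object
    instead of loosening policy; 'review' = no log type is involved.
    """
    src, tgt = selinux_type(avc["scontext"]), selinux_type(avc["tcontext"])
    risky = tgt.endswith("_log_t") and bool(avc["perms"] & LOG_TAMPER_PERMS)
    return {"source": src, "target": tgt, "object": avc.get("name"),
            "verdict": "relabel" if risky else "review"}

if __name__ == "__main__":
    for line in (SAMPLE_AVC, SAMPLE_CONTENT):
        print(assess(parse_avc(line)))
```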