SELinux... a never ending story!

Daniel J Walsh dwalsh at redhat.com
Fri Dec 17 03:50:56 UTC 2004


Giuseppe Greco wrote:

>On Thu, 2004-12-16 at 13:11 -0500, Daniel J Walsh wrote:
>  
>
>>Giuseppe Greco wrote:
>>
>>    
>>
>>>Hi all,
>>>
>>>to solve the problems I described in my previous emails,
>>>I've backed up my configuration and reinstalled FC3 from
>>>scratch.
>>>
>>>Now I'm not able to run squirrelmail... I always get the
>>>following error message:
>>>
>>>audit(1103219472.797:0): avc: denied { read } for pid=25107
>>> exe=/usr/sbin/httpd name=sh dev=dm-0 ino=96012
>>> scontext=root:system_r:httpd_t
>>> tcontext=system_u:object_r:bin_t tclass=lnk_file
>>>
>>>Any idea how to help a poor desperate?
>>>j3d.
>>>
>>> 
>>>
>>>      
>>>
>>Update your policy file, via yum update.
>>    
>>
>
>done... and now I get
>
>audit(1103229440.677.0): avc: denied { unlink } for pid=2671
>  exe=/usr/sbin/httpd name=ssl_mutex.2670 dev=dm-6 ino=192037
>  scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t
>  tclass=file
>
>j3d.
>  
>
ugh,

Where is this mutex file being created?  In the log dir?  The problem
with this is it allows a hacker to unlink all the log files, if I allow
this rule.

>  
>
>>--
>>fedora-selinux-list mailing list
>>fedora-selinux-list at redhat.com
>>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>    
>>
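
The concern raised in the reply above, as an added example that is not part of the original message or of any SELinux tool: an allow rule is written on types, not file names, so silencing the `ssl_mutex` denial would cover every object labelled `httpd_log_t`. The function names and the `DESTRUCTIVE` set are assumptions made for illustration; the two denials are the ones quoted in the thread.

```python
import re

# Permissions treated as destructive here: an illustrative assumption,
# not a complete list of SELinux file permissions.
DESTRUCTIVE = {"unlink", "rename", "setattr", "write"}

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", re.S)

# The two denials quoted in the thread, joined onto one line each.
DENIALS = [
    "audit(1103219472.797:0): avc: denied { read } for pid=25107 "
    "exe=/usr/sbin/httpd name=sh dev=dm-0 ino=96012 "
    "scontext=root:system_r:httpd_t "
    "tcontext=system_u:object_r:bin_t tclass=lnk_file",
    "audit(1103229440.677.0): avc: denied { unlink } for pid=2671 "
    "exe=/usr/sbin/httpd name=ssl_mutex.2670 dev=dm-6 ino=192037 "
    "scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t "
    "tclass=file",
]


def parse_avc(message):
    """Parse one AVC denial into its permissions and key=value fields."""
    m = AVC_RE.search(message)
    if not m:
        raise ValueError("not an AVC denial")
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields["perms"] = m.group(1).split()
    # A context is user:role:type; allow rules are written on the type.
    fields["source_type"] = fields["scontext"].split(":")[2]
    fields["target_type"] = fields["tcontext"].split(":")[2]
    return fields


def allow_rule(avc):
    """The type-enforcement rule that would silence this denial."""
    return "allow {} {}:{} {{ {} }};".format(
        avc["source_type"], avc["target_type"], avc["tclass"],
        " ".join(avc["perms"]))


def log_tampering_risk(avc):
    """True if the rule would grant destructive access to a log type."""
    return (avc["target_type"].endswith("_log_t")
            and bool(DESTRUCTIVE & set(avc["perms"])))


if __name__ == "__main__":
    for avc in map(parse_avc, DENIALS):
        print(allow_rule(avc), "# log tampering risk:", log_tampering_risk(avc))
```

The rule derived from the second denial names no file, which is why it would reach the Apache logs as well as the mutex.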



