A few policy changes I had to make
Daniel J Walsh
dwalsh at redhat.com
Thu Dec 9 17:09:03 UTC 2004
Rodrigo Damazio wrote:
> I've made the dontaudit changes you suggested and
> everything seems to still work. However, I'm still having problems
> with apache - I use too many PHP functions which do various things
> such as executing external programs, opening sockets, connecting to
> postgres, etc. that generate avc denied errors. I tried, thus, to
> remove apache.te from domains/program, just to find out that mailman
> depended on it - it gives me an error about mailman_cgi_exec_t (which,
> indeed, is only defined if apache.te is defined, but it appears in the
> mailman.fc file without an ifdef) - adding an ifdef made it all work
> perfectly. I wonder if there's a way to use selinux with apache
> without limiting php functions.
>
> Rodrigo
Not really, that is what the httpd_unified boolean was for: to make apache work
with most common environments. I would like to see the AVC messages you
are getting on these though. Apache should be able to communicate with
postgres using the latest policy. Are you running NIS on this machine?
Dan