Adding two new booleans to httpd to tighten its security.

Nicolas Mailhot nicolas.mailhot at laposte.net
Sun Dec 11 21:52:37 UTC 2005


On Sun 11 December 2005 22:35, Tom London wrote:
> Running latest rawhide stuff, targeted/enforcing.
>
> Two 'after market' packages appear to need some help: skype and vmware.

Seems some python bits and mplayer are not safe either:

type=AVC msg=audit(1134326070.107:1325): avc:  denied  { execmem } for 
pid=28368 comm="mplayer"
scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
type=SYSCALL msg=audit(1134326070.107:1325): arch=c000003e syscall=10
success=no exit=-13 a0=7fffff8a5000 a1=1000 a2=1000007 a3=1 items=0
pid=28368 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="mplayer" exe="/usr/bin/mplayer"

type=AVC msg=audit(1134326066.831:1324): avc:  denied  { execmem } for 
pid=28361 comm="python"
scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255
tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
type=SYSCALL msg=audit(1134326066.831:1324): arch=c000003e syscall=10
success=no exit=-13 a0=7fffff863000 a1=1000 a2=1000007 a3=1 items=0
pid=28361 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="python" exe="/usr/bin/python"

Oh, well I didn't have a http://bugzilla.livna.org/ account yet

Regards,

-- 
Nicolas Mailhot
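
Added example, not part of the original message: a small Python decoder that pairs each AVC record with its SYSCALL record by audit event id and decodes the x86_64 syscall number and the mprotect prot argument (a2) from the records quoted above. The decoding tables cover only the values seen in these records, and the sample input is those records re-joined to one per line.

```python
import re

# Decoding tables for the values in these records only (x86_64, arch=c000003e).
X86_64_SYSCALLS = {10: "mprotect"}
PROT_FLAGS = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC",
              0x01000000: "PROT_GROWSDOWN"}
EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+:\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
DENIED = re.compile(r"denied\s+\{([^}]*)\}")

# The two events from the message above, re-joined to one record per line.
SAMPLE = """\
type=AVC msg=audit(1134326070.107:1325): avc:  denied  { execmem } for pid=28368 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
type=SYSCALL msg=audit(1134326070.107:1325): arch=c000003e syscall=10 success=no exit=-13 a0=7fffff8a5000 a1=1000 a2=1000007 a3=1 items=0 pid=28368 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 comm="mplayer" exe="/usr/bin/mplayer"
type=AVC msg=audit(1134326066.831:1324): avc:  denied  { execmem } for pid=28361 comm="python" scontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tcontext=user_u:system_r:unconfined_t:s0-s0:c0.c255 tclass=process
type=SYSCALL msg=audit(1134326066.831:1324): arch=c000003e syscall=10 success=no exit=-13 a0=7fffff863000 a1=1000 a2=1000007 a3=1 items=0 pid=28361 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 comm="python" exe="/usr/bin/python"
"""

def summarize(log_text):
    """Return one dict per audit event id, merging its AVC and SYSCALL records."""
    events = {}
    for line in log_text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue
        ev = events.setdefault(m.group(1), {"id": m.group(1), "denied": []})
        fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if fields.get("type") == "AVC":
            d = DENIED.search(line)
            ev["denied"] += d.group(1).split() if d else []
            ev["tclass"] = fields.get("tclass")
        elif fields.get("type") == "SYSCALL":
            ev["exe"] = fields.get("exe")
            if fields.get("arch") == "c000003e":
                nr = int(fields["syscall"])  # syscall number is decimal
                ev["syscall"] = X86_64_SYSCALLS.get(nr, f"nr {nr}")
                if ev["syscall"] == "mprotect":  # a2 is the prot argument, in hex
                    prot = int(fields["a2"], 16)
                    ev["prot"] = [n for bit, n in PROT_FLAGS.items() if prot & bit]
    return list(events.values())

if __name__ == "__main__":
    for ev in summarize(SAMPLE):
        print(ev)
```

Both denials decode to an mprotect call that requests PROT_EXEC together with PROT_WRITE on a one-page region, which matches the execmem permission named in the AVC records.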



