Adding two new booleans to httpd to tighten it's security.
nicolas.mailhot at laposte.net
Mon Dec 12 20:06:00 UTC 2005
On Lun 12 décembre 2005 20:27, Christopher J. PeBenito wrote:
> On Sat, 2005-12-10 at 20:08 +0100, Nicolas Mailhot wrote:
>> How about having selinux play nice with spamassassin at last ?
>> It's still not able to create resolver sockets
>> "Error creating a DNS resolver socket"
> This is fixed upstream.
I think it is in spamd context but not in procmail context.
>> or writing in its own files
>> cannot create tmp lockfile ~/.spamassassin/bayes.lock.xxx
>> cannot write to ~/.spamassassin/user_pref
> You didn't say what the denial was.
A lot of traces where attached in redhat bugzilla entries.
They no longuer appear in audit.log - I suspect /homes accesses are now
filtered by default
(when the problem was first reported a few weeks ago they did appear as AVCs)
The tricky bit is most of them are executed for the home user, but in
More information about the fedora-selinux-list