Request Tracker 3

Colin Walters walters at redhat.com
Tue Feb 1 16:55:10 UTC 2005


On Tue, 2005-02-01 at 11:52 -0500, Kanwar Ranbir Sandhu wrote:
> On Tue, 2005-01-02 at 10:22 -0500, Kanwar Ranbir Sandhu wrote:
> > avc:  denied  { search } for  pid=2851 exe=/usr/bin/perl name=postfix
> > dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
> > tcontext=system_u:object_r:var_spool_t tclass=dir
> > 
> > avc:  denied  { search } for  pid=2851 exe=/usr/bin/perl name=postfix
> > dev=dm-5 ino=34833 scontext=user_u:system_r:httpd_sys_script_t
> > tcontext=system_u:object_r:var_spool_t tclass=dir
> > 
> > avc:  denied  { setrlimit } for  pid=2856 exe=/usr/sbin/sendmail.postfix
> > scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t
> > tclass=process
> 
> I've learned a little more about selinux, and so ran audit2allow on the
> denials above to generate the following two policies:
> 
> allow httpd_sys_script_t var_spool_t:dir search;
> allow httpd_t self:process setrlimit;

Does adding those two permissions actually fix the problem?





More information about the fedora-selinux-list mailing list