httpd controls ?

Hongwei Li hongwei at
Wed Mar 30 15:47:41 UTC 2005

>> 2. If it is safe, how do I persuade selinux to let it happen?
> Look into use of the audit2allow utility for converting denied
> messages into rules that allow the behavior that was denied. The the
> short of it is:
> # cd /etc/selinux/targeted/src
> # audit2allow -d -l -o domains/misc/local.te && make load
> Repeat until your script works and then clean up the local.te file's
> formatting (not necessary).  The long of it (and a good read) is the
> Red Hat Enterprise Linux 4 SELinux Guide
> (
>  I'd suggest reading that, specifically section II before doing what
> I've suggested here to make sure you have a full understanding of
> what's going on.

I have a question about what you suggested.  My system is working
normally, but I'd like to know more about audit2allow.  My system (fc3,
selinux enforced, targeted) does not have src under /etc/selinux/targeted/
that has only:  booleans  contexts  policy

and I could not find audit2allow, even from the web site you gave above.

Could you provide more information about it? or any links?


Hongwei Li

More information about the fedora-selinux-list mailing list