httpd controls ?

Hongwei Li hongwei at wustl.edu
Wed Mar 30 15:47:41 UTC 2005


>> 2. If it is safe, how do I persuade selinux to let it happen?
>
> Look into use of the audit2allow utility for converting denied
> messages into rules that allow the behavior that was denied. The the
> short of it is:
>
> # cd /etc/selinux/targeted/src
> # audit2allow -d -l -o domains/misc/local.te && make load
>
> Repeat until your script works and then clean up the local.te file's
> formatting (not necessary).  The long of it (and a good read) is the
> Red Hat Enterprise Linux 4 SELinux Guide
> (http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/).
>  I'd suggest reading that, specifically section II before doing what
> I've suggested here to make sure you have a full understanding of
> what's going on.
>

I have a question about what you suggested.  My system is working
normally, but I'd like to know more about audit2allow.  My system (fc3,
selinux enforced, targeted) does not have src under /etc/selinux/targeted/
that has only:  booleans  contexts  policy

and I could not find audit2allow, even from the web site you gave above.

Could you provide more information about it? or any links?

Thanks!

Hongwei Li




More information about the fedora-selinux-list mailing list