Webmin bug, with SELinux in Permissive Mode
Lanny Marcus
lanny at ieee.org
Sat Sep 1 10:32:02 UTC 2007
I found a bug in Webmin. The author of Webmin is also a SELinux
newbie. (this is the first time I have enabled SELinux)
He would like me to post and try to find help, from
experienced SELinux users. He wrote:
> Unfortunately I am a newbie when it comes to selinux too :-(
> What I am looking for is a way to selinux that any process can write
> to a file. I suspect that the chcon command can do this, but am not
> sure how..
Prior to the above, he wrote:
> Ok, thanks ... I see the problem. Webmin opens the log file
> /var/webmin/miniserv.error and connects STDERR to it, then runs other
> commands like iptables, which inherits the STDERR file descriptor.
> This is generally a good thing, as any error output from the iptables
> command will go to that log file.
>
> But with selinux enabled, this fails as iptables doesn't have the
> security context needed to write to that file. Is there a chcon option
> or other command that can allow a file to be written by any process?
> If so, I should update Webmin to run that on the error log file.
This bug is at the below URL:
<https://sourceforge.net/tracker/?func=detail&atid=117457&aid=1781101&group_id=17457>
If someone can explain, in simple terms, what needs to be done, that
will be greatly appreciated! TIA, Lanny
More information about the fedora-selinux-list
mailing list