Problem with audit2allow reference policy involving logs
Forrest Taylor
ftaylor at redhat.com
Thu Feb 28 17:49:56 UTC 2008
Running RHEL5.1 with with selinux-policy-strict-2.4.6-106.el5_1.3.
I am building my own policy for FTP and in creating the xferlog,
audit2allow -alR gives this macro:
logging_search_logs(ftpd_t)
The problem is that this macros generates the following type transition:
type_transition ftpd_t var_log_t : file sendmail_log_t;
This, of course, is not really what I want, so I dropped the -R option
to audit2allow and it returns:
allow ftpd_t var_log_t:dir search;
With the next iteration, audit2allow -alR shows:
sendmail_create_log(ftpd_t)
and audit2allow -la shows:
allow ftpd_t var_log_t:dir write;
Someone really liked sendmail_log_t ;o)
Forrest
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080228/52c53003/attachment.sig>
More information about the fedora-selinux-list
mailing list