Problem with audit2allow reference policy involving logs

Forrest Taylor ftaylor at redhat.com
Thu Feb 28 17:49:56 UTC 2008


Running RHEL5.1 with with selinux-policy-strict-2.4.6-106.el5_1.3.

I am building my own policy for FTP and in creating the xferlog,
audit2allow -alR gives this macro:

logging_search_logs(ftpd_t)

The problem is that this macros generates the following type transition:

   type_transition ftpd_t var_log_t : file sendmail_log_t;

This, of course, is not really what I want, so I dropped the -R option
to audit2allow and it returns:

allow ftpd_t var_log_t:dir search;

With the next iteration, audit2allow -alR shows:

sendmail_create_log(ftpd_t)

and audit2allow -la shows:

allow ftpd_t var_log_t:dir write;

Someone really liked sendmail_log_t ;o)

Forrest
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080228/52c53003/attachment.sig>


More information about the fedora-selinux-list mailing list