Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: apache-ssl mods for Debian
From: Russell Coker <russell_at_coker.com.au>
Date: Tue, 13 Apr 2004 21:28:15 +1000
I plan to change run_init to not use expect. That file handle is from a bug in expect.
> avc: denied { getattr } for pid=12580 exe=/usr/sbin/run_init This and all the other getattr messages are from the change to libselinux which has it using fopen() instead of open() for /proc/mounts. The next policy package I upload will have a macro change to fix this.
> avc: denied { read } for pid=12583 exe=/bin/bash name=selinux dev=hda3 Your current directory is /etc/selinux...
> avc: denied { search } for pid=12587 exe=/usr/sbin/apache-ssl The apache.fc I attached to my previous message would not label a directory with httpd_exec_t, if you relabel /usr/lib/apache-ssl then it should be OK.
> avc: denied { write } for pid=12592 exe=/usr/sbin/apache-ssl If you relabel /var/run/gcache_port or restart apache in permissive mode (thus recreating /var/run/gcache_port) then it will be fine. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 13 Apr 2004 - 07:29:54 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |