On 08/21/2018 05:45 PM, Warren Young wrote:
>
>> I could be convinced otherwise if I could see where running the php as the
>> app users, would make more sense.
> That depends on whether the boundary between user php and this unknown
> “appuser” is bidirectional or not.
>
> If there are things
On Aug 21, 2018, at 4:34 PM, Nataraj wrote:
>
> On 08/21/2018 02:20 PM, Warren Young wrote:
>> On Aug 21, 2018, at 1:27 PM, Nataraj wrote:
>>> I have a web application which uses sudo to invoke python scripts as the
>>> user under which the application runs (NO root access).
>> Why is the web
On 08/21/2018 02:20 PM, Warren Young wrote:
> On Aug 21, 2018, at 1:27 PM, Nataraj wrote:
>> I have a web application which uses sudo to invoke python scripts as the
>> user under which the application runs (NO root access).
> Why is the web app not running with that user’s permissions in the
On Aug 21, 2018, at 1:27 PM, Nataraj wrote:
>
> I have a web application which uses sudo to invoke python scripts as the
> user under which the application runs (NO root access).
Why is the web app not running with that user’s permissions in the first place?
If your answer is that it needs
On 08/21/2018 12:41 PM, Jonathan Billings wrote:
> On Tue, Aug 21, 2018 at 12:27:53PM -0700, Nataraj wrote:
>> Source RPM Packages sudo-1.7.2p1-29.el5_10
>> Policy RPMselinux-policy-2.4.6-351.el5
>> Platform Linux myhost.mydomain.com
On Tue, Aug 21, 2018 at 12:27:53PM -0700, Nataraj wrote:
> Source RPM Packages sudo-1.7.2p1-29.el5_10
> Policy RPMselinux-policy-2.4.6-351.el5
> Platform Linux myhost.mydomain.com 2.6.18-419.el5 #1 SMP
> Fri Feb 24 22:06:09 UTC 2017 i686 i686
On 08/21/2018 12:27 PM, Nataraj wrote:
I have a web application which uses sudo to invoke python scripts as the
user under which the application runs (NO root access). Is there any
reason why sudo would would require sys_ptrace access for this? I only
get this violation intermittenly, and not
I have a web application which uses sudo to invoke python scripts as the
user under which the application runs (NO root access). Is there any
reason why sudo would would require sys_ptrace access for this? I only
get this violation intermittenly, and not with every call to sudo.
Here's the
Gordon Messmer wrote:
On 07/22/2013 07:41 AM, Ken Smith wrote:
Hi Guys, My google foo is failing me this afternoon. Just configuring a
new C6 install. I know there are SELinux alerts happening, eg: I know I
need to enable named to write to the local .jnl file as part of dynamic
DNS,
On 23 Jul 2013 07:42, Ken Smith k...@kensnet.org wrote:
For some reason auditd wasn't running or enabled. I'm now seeing the
messages I needed in /var/log/messages. I'm running bind chrooted and
various other tweeks mean I need to set SELinux accordingly.
Bind chroot via the standard chroot
James Hogarth wrote:
On 23 Jul 2013 07:42, Ken Smithk...@kensnet.org wrote:
For some reason auditd wasn't running or enabled. I'm now seeing the
messages I needed in /var/log/messages. I'm running bind chrooted and
various other tweeks mean I need to set SELinux accordingly.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/23/2013 07:15 AM, Ken Smith wrote:
James Hogarth wrote:
On 23 Jul 2013 07:42, Ken Smithk...@kensnet.org wrote:
For some reason auditd wasn't running or enabled. I'm now seeing the
messages I needed in /var/log/messages. I'm running
Hello Ken
Try this search term site:danwalsh.livejournal.com in your searches.
Also this is a good book
http://www.amazon.com/SELinux-Example-Using-Security-Enhanced/dp/0131963694/ref=sr_1_2?ie=UTF8qid=1374504654sr=8-2keywords=selinux
This is the best I can do as I don't understand. What
Hi Guys, My google foo is failing me this afternoon. Just configuring a
new C6 install. I know there are SELinux alerts happening, eg: I know I
need to enable named to write to the local .jnl file as part of dynamic
DNS, but sealert -b is not listing any alerts. I can see raw audit
messages.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/22/2013 10:55 AM, Paul Norton wrote:
Hello Ken Try this search term site:danwalsh.livejournal.com in your
searches. Also this is a good book
On 07/22/2013 07:41 AM, Ken Smith wrote:
Hi Guys, My google foo is failing me this afternoon. Just configuring a
new C6 install. I know there are SELinux alerts happening, eg: I know I
need to enable named to write to the local .jnl file as part of dynamic
DNS, but sealert -b is not listing
On 30 August 2007, Kenneth Porter [EMAIL PROTECTED] wrote:
snip
You might also want to direct your question to the SELinux people on
their
lists:
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
http://www.nsa.gov/selinux/info/list.cfm
(I'm curious to know what the solution
On Thursday, August 30, 2007 4:50 PM -0500 Lanny Marcus
[EMAIL PROTECTED] wrote:
SELinux people: Can you explain what he needs?
You might also want to direct your question to the SELinux people on their
lists:
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
18 matches
Mail list logo