Manuel Wolfshant wrote:
On 08/12/2008 07:12 PM, Ned Slider wrote:
Manuel Wolfshant wrote:
Ned Slider wrote:
Hi list,
I've knocked up a contribution on SELinux here:
http://wiki.centos.org/HowTos/SELinux
I've tried to pitch it as an introduction for those not already
familiar with SELinux but also hopefully a useful reference.
I'm relatively new to SELinux and have covered pretty much
everything I know to the limits of my limited knowledge. If folks
think other material needs to be covered then it may be more
appropriate for them to make the additions rather than me. Consider
it a "get the ball rolling" contribution that the community can add
to as necessary :)
Comments welcomed,
I would add the following just before "Summary" (in case one wants to
edit the rules suggested by audit2allow):
Building module policy manually
- grep sendmail /var/log/audit/audit.log | audit2allow -M postfix
- while reviewing the generated postfix.te

    module local 1.0;

    require {
        type httpd_log_t;
        type postfix_postdrop_t;
        class dir getattr;
        class file { read getattr };
    }

    #============= postfix_postdrop_t ==============
    allow postfix_postdrop_t httpd_log_t:file getattr;

Wolfy,
Are you able to supply an example of the audit.log AVC message(s) that
are used to create this .te policy? It might be useful to show the
actual AVC error messages in explaining this process.
Thanks,
here you are. I hope I have not trashed anything valuable but most of
the info must be here
Thanks.
One wonders why postdrop is interested in /var/log/httpd/error_log?
PS, for those who might be tempted to comment about the kernel version:
I already know what you want to say.
------------------------------------------------------------------------
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs