[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Logrotate, ssh_agent - read selinux_config_t

To: selinux@xxxxxxxxxxxxx
Subject: Logrotate, ssh_agent - read selinux_config_t
From: Ivan Gyurdiev <ivg2@xxxxxxxxxxx>
Date: Thu, 31 Mar 2005 14:06:15 -0500
Organization: Cornell University
Reply-to: ivg2@xxxxxxxxxxx
Sender: owner-selinux@xxxxxxxxxxxxx

logrotate and ssh_agent try to read /etc/selinux/config and fail.
I thought it would be reasonable to allow that, but I see this:

apache_macros.te:dontaudit httpd_$1_script_t selinux_config_t:dir
search;
crontab_macros.te:dontaudit $1_crontab_t selinux_config_t:dir search;
inetd_macros.te:dontaudit $1_t selinux_config_t:dir search;
ssh_agent_macros.te:dontaudit $1_ssh_agent_t selinux_config_t:dir
search;
ssh_macros.te:dontaudit $1_ssh_keysign_t selinux_config_t:dir search;
xserver_macros.te:dontaudit $1_xserver_t selinux_config_t:dir search;

Why?

-- 
Ivan Gyurdiev <ivg2@xxxxxxxxxxx>
Cornell University


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: Logrotate, ssh_agent - read selinux_config_t
  - From: Stephen Smalley

Prev by Date: Cron /null fd:use use denials
Next by Date: Re: Cron /null fd:use use denials
Previous by thread: Re: Cron /null fd:use use denials
Next by thread: Re: Logrotate, ssh_agent - read selinux_config_t
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.