Re: dumb newbie questions

[Ivan Gyurdiev <gyurdiev@xxxxxxxxxx>]

> 2. How do I get a new scripts or program to run? One FAQ came near to
> answering this but was incomplete. It said I should run the offending
> program, then extract the warning line from the messages file and run it
> through a program called audit2allow. Audit2allow seems to need an input
> file so I copied one of the warning lines from the log into a text file,
> test.txt, and did this:
> 
> audit2allow test.txt

I wish FAQs would stop recommending this, since that's what everyone 
does to get their scripts to run. audit2allow is a helper program
for policy writers, and nothing more. It's a mistake to pipe
its output into anything... instead you should provide that to the
SELinux people, so they can write proper policy.

> The result message from audit2allow was "allow httpd_sys_script_t
> devpt_t:chr_file { read write };". The "allow" sounded hopeful but when
> I tried to run my script again it still didn't work. So I think there
> must be some additional step that was left out of the FAQ. Any
> suggestions appreciated.

This particular error means that your script cannot write to 
the terminal. I also suspect the terminal is labeled incorrectly,
but someone else would have to comment on that - I am still
not understanding the different devpts* types very well.

Why do you need your scripts to write to the terminal?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.