On 9/9/18 9:23 AM, Gordon Messmer wrote:
I don't see sesearch mentioned in the SELinux FAQ hosted by Fedora,
and the mention in CentOS's FAQ appears to be the invocation that Leon
used, which was less than helpful. I think both would be improved if
they started from an AVC log entry (which doe
On 09/10/2018 09:41 AM, Leon Fauster via CentOS wrote:
Am 09.09.2018 um 16:19 schrieb Daniel Walsh :
On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote:
Am 09.09.2018 um 14:49 schrieb Daniel Walsh :
On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
Any SElinux expert here - briefly:
Am 09.09.2018 um 16:19 schrieb Daniel Walsh :
>
> On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote:
>> Am 09.09.2018 um 14:49 schrieb Daniel Walsh :
>>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
Any SElinux expert here - briefly:
# getenforce
Enforcing
On 09/09/2018 07:19 AM, Daniel Walsh wrote:
sesearch -A -s httpd_t -t system_conf_t -p read
If you feel that these files should not be part of the base_ro_files
then we should open that for discussion.
I think the question was how users would know that the policy allowed
access, as he was p
On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote:
Am 09.09.2018 um 14:49 schrieb Daniel Walsh :
On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
Any SElinux expert here - briefly:
# getenforce
Enforcing
# sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
# sesearch -A
Am 09.09.2018 um 14:49 schrieb Daniel Walsh :
>
> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
>> Any SElinux expert here - briefly:
>>
>> # getenforce
>> Enforcing
>>
>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
>>
>>
>> # sesearch -ACR -s httpd_t -c file -p r
On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
Any SElinux expert here - briefly:
# getenforce
Enforcing
# sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
# sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t
# ls -laZ /etc/sysctl.conf /etc/rsyslog.conf
-rw-
Any SElinux expert here - briefly:
# getenforce
Enforcing
# sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
# sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t
# ls -laZ /etc/sysctl.conf /etc/rsyslog.conf
-rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /e
8 matches
Mail list logo