FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 03-29-2012, 03:25 PM
 
Default siteminder and selinux

I'm getting AVCs, and as I've mentioned before, the report from sealert is
*wrong*.

siteminder is running as root:system_r:httpd_sys_script_t
/etc/httpd/conf, and siteminder's configuration file, are both
system_ubject_r:httpd_config_t, and the configuration file is rw by
root, and r by group root.

sealert keeps trying to tell me to set httpd_unified on, which I've had on.

Clues on what I actually have to change to let siteminder not cause
selinux AVCs? (The system is running in permissive mode, and we're CentOS
5.7 (which will get updated to 5.8 when I can....)

mark

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 03-29-2012, 05:48 PM
Daniel J Walsh
 
Default siteminder and selinux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/29/2012 11:25 AM, m.roth@5-cent.us wrote:
> I'm getting AVCs, and as I've mentioned before, the report from sealert is
> *wrong*.
>
> siteminder is running as root:system_r:httpd_sys_script_t /etc/httpd/conf,
> and siteminder's configuration file, are both
> system_ubject_r:httpd_config_t, and the configuration file is rw by root,
> and r by group root.
>
> sealert keeps trying to tell me to set httpd_unified on, which I've had
> on.
>
> Clues on what I actually have to change to let siteminder not cause selinux
> AVCs? (The system is running in permissive mode, and we're CentOS 5.7
> (which will get updated to 5.8 when I can....)
>
> mark
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
Could you attach the alert? and the AVC.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk90oH0ACgkQrlYvE4MpobNoOACgpy4mgc/lFipzx8t8TwycUEOp
v+gAoOcHm8BuUnRivV9b9E/sHxQz14oc
=+YqU
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 12:15 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org