Bug 145033
Summary: | Reading the SElinux config: ssh, dhcp, httpd | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ivan Gyurdiev <ivg231> |
Component: | selinux-policy-strict | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-01-20 18:24:59 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ivan Gyurdiev
2005-01-13 21:18:40 UTC
Are you running in permissive mode. I believe most of these would be prevented in enforcing mode. Putting the code in enforcing will might cause a dontaudit to happen which causes the application to go a different code patch. So for instance if I do a ls /etc/selinux/targeted/ I might get a Denial of search on the directory and ls will stop. But in permissive mode, I would get the search denial plus all the reads of the files under neath it. So we only care about AVC messages in enforcing mode. This is in permissive mode. I'll try enforcing too, but last time I did this X wouldn't start - will investigate and close bug if necessary. Closing bug, will reopen if I see it again. With execmod changes that I added to X I can now run in enforcing, and I see very few denials. |