Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
Re: Experiences with selinux enabled targetted on Fedora Core 3: msg#00139
|
Subject: |
Re: Experiences with selinux enabled targetted on Fedora Core 3 |
On Tuesday 22 February 2005 12:15, Valdis.Kletnieks@xxxxxx wrote:
> At least at one point in time, I was seeing random avc errors on mount
> points that made absolutely no sense - I'd do an 'ls -Z' and it would look
> OK. Finally twigged in that I needed to unmount the file system, relabel
> the *directory*, and then remount. Seem to remember /usr/share and
> /usr/local biting me that way (/, /usr, /usr/local, and /usr/share are 4
> different file systems on my box).
In those cases a dontaudit rule will usually do the job. If the file system
is not mounted then there's nothing that the application can usefully do
under the mount point and usually ENOENT and EACCESS usually get the same
code paths in most applications that try to open files.
grep dontaudit.*file_t.dir policy.conf
The above grep command will show you some of the dontaudit rules that have
already been put in place to deal with this. If there are more domains that
may get used early in the boot process to get such errors then let us know
and we'll write dontaudit rules.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
|
| |
