[CentOS] Re: SELinux question - to fix bug in Webmin
Lanny Marcus
mailing-lists at computer2.com
Sat Sep 1 15:54:38 UTC 2007
On 30 August 2007, Kenneth Porter <shiva at sewingwitch.com> wrote:
> Message: 75
<snip>
> You might also want to direct your question to the SELinux people on
> their lists:
>
> <http://www.redhat.com/mailman/listinfo/fedora-selinux-list>
> <http://www.nsa.gov/selinux/info/list.cfm>
>
> (I'm curious to know what the solution is, though, so please follow up
> back here with anything you find!)
Ken: I posted on the fedora-selinux-list Below is the reply from Daniel
J. Walsh at Redhat. Lanny
> This explanation and description of the problem are fine. We probably
> need a custom policy for webmin to allow iptables to write to scripts
> running as webmin, since catching stderr is important. There is no
> file context that can be set to allow this. As I recall from the
> original bug report, iptables was also trying to communicate with
> another open file descriptor. This one I beleive should be closed on
> exec.
More information about the CentOS
mailing list