[CentOS] How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)
Daniel J Walsh
dwalsh at redhat.com
Fri Jun 3 18:41:26 UTC 2011
On 06/02/2011 07:47 PM, Aleksey Tsalolikhin wrote:
> Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled,
> and audit.log / audit2allow tell me I need to add the local policy:
>
>
> #============= httpd_t ==============
> allow httpd_t unconfined_t:shm { unix_read unix_write };
>
> which I think will allow the httpd access to read and write from shared memory?
> Is that right? What are the risks involved in opening this? I notice it is
> denied by the default policy.
>
> To simplify configuration management, I would prefer to make this setting
> using /usr/sbin/setsebool, but I don't see an sebool that deals with shm...
>
> How do I request one? (And whom do I ask?)
>
> Thanks,
> -at
Not sure what OTRS is, but it looks like you are running it as a user
(unconfined_t)? Does this usually run as a service started at boot time?
Allowing this would just mean Apache is able to read/write logged-in
users' shared memory.