[CentOS] How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)
Patrick Lists
centos-list at puzzled.xs4all.nl
Fri Jun 3 19:05:10 UTC 2011
Hi Aleksey,
On 06/03/2011 01:47 AM, Aleksey Tsalolikhin wrote:
> Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled,
> and audit.log / audit2allow tell me I need to add the local policy:
>
>
> #============= httpd_t ==============
> allow httpd_t unconfined_t:shm { unix_read unix_write };
>
> which I think will allow the httpd access to read and write from shared memory?
> Is that right? What are the risks involved in opening this? I notice it is
> denied by the default policy.
>
> To simplify configuration management, I would prefer to make this setting
> using /usr/sbin/setsebool, but I don't see an sebool that deals with shm...
>
> How do I request one? (And whom do I ask?)
Since nobody has come up with a policy for eons I guess there is little
incentive to provide one. When you go through the OTRS website it
basically only says "turn off selinux" (which imho is pretty silly).

There was one person that tried to create a policy:
http://lists.otrs.org/pipermail/dev/2005-September/001109.html

The #selinux channel on irc.freenode.net has always been helpful and
patient even with my n00b questions. If you have all the info from the
audit log then I would venture in there, put the audit log on a pastebin
and ask how to proceed next.

If you create a proper policy I would appreciate it if you could keep
this list updated. From what I have read OTRS seems a nice solution but
not when I have to turn off selinux.

Regards,
Patrick
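
Added example, not part of the original message and not an OTRS or CentOS policy: a local policy module that wraps the quoted rule in its own boolean, so it can be switched with setsebool as the question asks. The module name `otrs_httpd_shm` and the boolean name `httpd_otrs_unconfined_shm` are assumptions chosen for illustration.

```selinux
# otrs_httpd_shm.te -- local module (hypothetical name) carrying the one
# rule quoted from audit2allow, guarded by a boolean declared in the module.
module otrs_httpd_shm 1.0;

require {
    type httpd_t;
    type unconfined_t;
    class shm { unix_read unix_write };
}

# Hypothetical boolean name; default off, so installing the module
# changes nothing until the boolean is explicitly enabled.
bool httpd_otrs_unconfined_shm false;

# Scope note: a shm segment carries the label of the process that created
# it, so this rule covers every segment created by any unconfined_t
# process, not only the one OTRS uses.
if (httpd_otrs_unconfined_shm) {
    allow httpd_t unconfined_t:shm { unix_read unix_write };
}

# Build and install as root:
#   checkmodule -M -m -o otrs_httpd_shm.mod otrs_httpd_shm.te
#   semodule_package -o otrs_httpd_shm.pp -m otrs_httpd_shm.mod
#   semodule -i otrs_httpd_shm.pp
#
# Toggle persistently and confirm the state:
#   setsebool -P httpd_otrs_unconfined_shm on
#   getsebool httpd_otrs_unconfined_shm
#
# Remove the module (and with it the boolean):
#   semodule -r otrs_httpd_shm
```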