11 Jan
2012
11 Jan
'12
7:50 p.m.
On 01/12/2012 03:48 AM, Daniel J Walsh wrote:
In Fedora we currently dontaudit this leak.
audit2allow -i /tmp/t
#============= httpd_sys_script_t ============== #!!!! This avc has a dontaudit rule in the current policy
allow httpd_sys_script_t httpd_t:udp_socket { read write };
Pow. Reasonable answer, and it isn't so hard to run that command -- its just difficult to understand why its necessary if you don't know anything about the environment, and mystifying if you know the command but nothing about what's going on.