On 06/02/2011 07:47 PM, Aleksey Tsalolikhin wrote:
Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled, and audit.log / audit2allow tell me I need to add the local policy:
#============= httpd_t ==============
allow httpd_t unconfined_t:shm { unix_read unix_write };
which I think will allow the httpd access to read and write from shared memory? Is that right? What are the risks involved in opening this? I notice it is denied by the default policy.
To simplify configuration management, I would prefer to make this setting using /usr/sbin/setsebool, but I don't see an sebool that deals with shm...
How do I request one? (And whom do I ask?)
Thanks,
-at
Not sure what OTRS is, but it looks like you are running it as a user (unconfined_t)? Does this usually run as a service started at boot time?
Allowing this would just mean apache is able to read/write logged-in users' shared memory.
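
An added example, not part of the thread: a small Python check that merges AVC denials from audit.log into audit2allow-style rules and marks any rule whose target is unconfined_t, the case the reply asks about. The log lines are constructed samples, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1307058420.101:411): avc:  denied  { unix_read unix_write } for  pid=2345 comm="httpd" key=0 scontext=root:system_r:httpd_t:s0 tcontext=root:system_r:unconfined_t:s0 tclass=shm
type=AVC msg=audit(1307058421.202:412): avc:  denied  { unix_read } for  pid=2346 comm="httpd" key=0 scontext=root:system_r:httpd_t:s0 tcontext=root:system_r:unconfined_t:s0 tclass=shm
type=AVC msg=audit(1307058422.303:413): avc:  denied  { getattr } for  pid=2347 comm="httpd" path="/opt/app/data" scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1307058422.303:413): arch=40000003 syscall=195 success=no exit=-13
"""

# Capture the denied permissions, both contexts and the object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(log_text):
    """Merge denials into {(source_type, target_type, class): set(perms)}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records (e.g. SYSCALL) are skipped
            key = (selinux_type(m["s"]), selinux_type(m["t"]), m["cls"])
            rules[key].update(m["perms"].split())
    return dict(rules)

def render(rules):
    """Format rules like audit2allow and mark those targeting unconfined_t."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        rule = "allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms)))
        if tgt == "unconfined_t":
            # The peer process is unconfined, e.g. started from a login shell.
            rule += "  # REVIEW: target process runs as unconfined_t"
        out.append(rule)
    return out

if __name__ == "__main__":
    print("\n".join(render(summarize(SAMPLE_LOG))))
```

A flagged rule is a prompt to check how the peer process was started before loading the policy, since a rule targeting unconfined_t covers shared memory of every process in that domain.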