Hi Aleksey,
On 06/03/2011 01:47 AM, Aleksey Tsalolikhin wrote:
Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled, and audit.log / audit2allow tell me I need to add the local policy:
#============= httpd_t ==============
allow httpd_t unconfined_t:shm { unix_read unix_write };
which I think will allow the httpd access to read and write from shared memory? Is that right? What are the risks involved in opening this? I notice it is denied by the default policy.
To simplify configuration management, I would prefer to make this setting using /usr/sbin/setsebool, but I don't see an sebool that deals with shm...
How do I request one? (And whom do I ask?)
Since nobody has come up with a policy for eons I guess there is little incentive to provide one. When you go through the OTRS website it basically only says "turn off selinux" (which imho is pretty silly).
There was one person that tried to create a policy: http://lists.otrs.org/pipermail/dev/2005-September/001109.html
The #selinux channel on irc.freenode.net has always been helpful and patient even with my n00b questions. If you have all the info from the audit log then I would venture in there, put the audit log on a pastebin and ask how to proceed next.
If you create a proper policy I would appreciate it if you could keep this list updated. From what I have read OTRS seems a nice solution but not when I have to turn off selinux.
Regards, Patrick