I found a bug in Webmin when using Webmin with SELinux in Permissive Mode. The author of Webmin, asked me, in their bug tracker on SourceForge:
Ok, thanks ... I see the problem. Webmin opens the log file /var/webmin/miniserv.error and connects STDERR to it, then runs other commands like iptables, which inherits the STDERR file descriptor. This is generally a good thing, as any error output from the iptables command will go to that log file.
But with selinux enabled, this fails as iptables doesn't have the security context needed to write to that file. Is there a chcon option or other command that can allow a file to be written by any process? If so, I should update Webmin to run that on the error log file.
I replied that I'm a newbie and could he clarify, in newbie terms, what he would like me to find. He then replied:
Unfortunately I am a newbie when it comes to selinux too :-( What I am looking for is a way to selinux that any process can write to a file. I suspect that the chcon command can do this, but am not sure how..
SELinux people: Can you explain what he needs?
https://sourceforge.net/tracker/?func=detail&atid=117457&aid=1781101&group_id=17457
TIA! Lanny