On Tue, November 21, 2017 12:02 pm, Gordon Messmer wrote:
On 11/21/2017 08:42 AM, david wrote:
SELINUX is disabled.
...
Any suggestions?
Ha-ha! I like it!
Does anybody remember LIDS:
https://en.wikipedia.org/wiki/Linux_Intrusion_Detection_System
The name is a bit deceptive. In short, LIDS is a Linux kernel patch that (roughly speaking) does the following: after the boot process finishes and all services have been started, the root user is demoted to user nobody ;-) You can only do administration on a cold, powered-off system - i.e. off line. Alas, LIDS didn't make it into the mainstream kernel. Its competitor (?) SELinux made it instead, and SELinux is child's play compared to LIDS IMHO... Every time SELinux is mentioned in one respect or another it makes my day, as I remember LIDS ;-)
I hope someone has a few laughs with me here.
Valeri
Also, you *could* run "systemctl edit httpd.service" and enter two lines:
[Service]
PrivateTmp=false
... if you specifically need to share /tmp. The alternative is probably to mount a new tmpfs to a new directory somewhere under /var/lib for globally shared ephemeral files.
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
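
Added example, not part of the original thread: a shell function for checking whether a unit's effective `PrivateTmp=` setting has been switched off by a drop-in like the one quoted above. It assumes a single unit file plus its own `.d` directory (systemd also merges drop-ins from other directories) and handles boolean values only.

```shell
#!/bin/sh
# Added example: resolve the effective PrivateTmp= value of a unit from its
# unit file and the drop-ins in one ".d" directory. Later assignments override
# earlier ones, and drop-ins are read after the unit file in filename order.

# effective_private_tmp UNIT_FILE [DROPIN_DIR]
# Prints "true" or "false"; an unset PrivateTmp= counts as false (systemd default).
effective_private_tmp() {
    unit_file=$1
    dropin_dir=${2:-"$unit_file.d"}

    # Build the ordered file list: the unit file first, then *.conf drop-ins.
    set -- "$unit_file"
    for f in "$dropin_dir"/*.conf; do
        if [ -f "$f" ]; then
            set -- "$@" "$f"
        fi
    done

    awk '
        FNR == 1 { in_service = 0 }          # each file starts outside any section
        /^[ \t]*\[/ {                         # section header: track [Service]
            in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/)
            next
        }
        in_service && /^[ \t]*PrivateTmp[ \t]*=/ {   # commented-out lines do not match
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)
            v = tolower(v)
            val = (v == "true" || v == "yes" || v == "on" || v == "1") ? "true" : "false"
        }
        END { print (val == "" ? "false" : val) }
    ' "$@"
}

# Stand-alone use: sh this-script UNIT_FILE [DROPIN_DIR]
if [ $# -gt 0 ]; then
    effective_private_tmp "$@"
fi
```

On a live system, `systemctl show -p PrivateTmp httpd.service` reports the value systemd itself resolved.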