[CentOS] About audit2allow generated rules
Min Wang
ser.basis at gmail.com
Tue Apr 24 14:50:09 UTC 2012
Hi,
I have something in /var/log/audit/audit.log like:
avc: denied { write } for pid=23739 comm="httpd" name="renderd.sock"
dev=dm-0 ino=1183752 scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
Using audit2allow, it generates something like this:
allow httpd_t var_run_t:sock_file write;
Is the rule too liberal? Does that mean httpd_t can write any var_run_t
sock_file?
Or do I misunderstand something?
Should it only allow httpd_t to write this specific render.sock file?
If so, what's the right way to do it?
Thanks.
min