On 01/12/2012 03:48 AM, Daniel J Walsh wrote:
> In Fedora we currently dontaudit this leak.
>
> audit2allow -i /tmp/t
>
>
> #============= httpd_sys_script_t ==============
> #!!!! This avc has a dontaudit rule in the current policy
>
> allow httpd_sys_script_t httpd_t:udp_socket { read write };
Pow. Reasonable answer, and it isn't so hard to run that command -- its
just difficult to understand why its necessary if you don't know
anything about the environment, and mystifying if you know the command
but nothing about what's going on.