[CentOS] OpenDKIM and SELinux
James B. Byrne
byrnejb at harte-lyne.caTue May 13 13:56:43 UTC 2014
- Previous message: [CentOS] OpenDKIM and SELinux
- Next message: [CentOS] OpenDKIM and SELinux
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, May 12, 2014 14:05, Daniel J Walsh wrote: >> dac_read_search and dac_override are usually bad to add. They typically >> mean the permission flags on the file in question is two tight for a >> root process to read/use. >> >> Loosing up the group/other permissions would probably allow a root >> process to read the object without requiring these capabities. > I just wrote a quick blog on this. > > https://danwalsh.livejournal.com/69478.html > > So, to turn on full path reporting I do this: # echo "-w /etc/shadow -p w" >> /etc/audit/audit.rules # service auditd restart My question is: what is the effect that "-w /etc/shadow -p w" has on SELinux with respect to reporting the full path of file names in AVCs? In other words, why does that work? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
- Previous message: [CentOS] OpenDKIM and SELinux
- Next message: [CentOS] OpenDKIM and SELinux
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list