[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-selinux-list
Subject:    Re: [F8] (Re)Starting httpd reveals php pdf.so stack
From:       "Daniel B. Thurman" <dant () cdkkt ! com>
Date:       2008-02-19 15:02:49
Message-ID: 1203433369.21982.20.camel () gold ! cdkkt ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


On Tue, 2008-02-19 at 06:52 -0800, Daniel J Walsh wrote:

> -----BEGIN PGP SIGNED MESSAGE----- 
> Hash: SHA1
> 
> Daniel B. Thurman wrote: 
> > On Mon, 2008-02-18 at 17:14 -0800, Todd Zullinger wrote: 
> > 
> >> Daniel B. Thurman wrote: 
> >>> Ok.... 
> >>> 
> >>> I tried: 
> >>> 
> >>> 1) grep execstack /var/log/audit/audit.log | audit2allow -m myphp 
> >>> 
> >>> module myphp 1.0; 
> >>> 
> >>> 2) semodule -i myphp.pp 
> >>> semodule:  Could not read file 'myphp.pp': No such file or 
> >> directory 
> >>> Seems that the myphp.pp file is never created, at least I cannot 
> >>> find it.... 
> >> You want -M instead of -m as the argument to audit2allow AFAIK. 
> >> 
> > 
> > 
> > ok... 3rd try: 
> > 
> > 1) grep execstack /var/log/audit/audit.log | audit2allow -M myphp 
> > compilation failed: 
> > (unknown source)::ERROR 'syntax error' at token '' on line 6: 
> > 
> > 
> > /usr/bin/checkmodule:  error(s) encountered while parsing
> configuration 
> > /usr/bin/checkmodule:  loading policy configuration from myphp.te 
> > 
> > 2) semodule -i myphp.pp 
> > semodule: Could not read file 'myphp.pp': No such file or directory 
> > 
> > 



> Sorry Daniel, it was probably my typing that caused the problem.
> Could 
> you attach the myphp.te file that audit2allow created?


OK, not much there but here is the attachment!


[Attachment #5 (text/html)]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
  <META NAME="GENERATOR" CONTENT="GtkHTML/3.16.3">
  <TITLE>Re: [F8] (Re)Starting httpd reveals php pdf.so stack permission \
errors...</TITLE> </HEAD>
<BODY>
<BR>
On Tue, 2008-02-19 at 06:52 -0800, Daniel J Walsh wrote:<BR>
<BLOCKQUOTE TYPE=CITE>
    <FONT SIZE="2"><FONT COLOR="#000000">-----BEGIN PGP SIGNED \
MESSAGE-----</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  <FONT SIZE="2"><FONT \
COLOR="#000000">Hash: SHA1</FONT></FONT><BR>  <BR>
    <FONT SIZE="2"><FONT COLOR="#000000">Daniel B. Thurman wrote:</FONT></FONT><FONT \
COLOR="#000000"> </FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt; On Mon, \
2008-02-18 at 17:14 -0800, Todd Zullinger wrote:</FONT></FONT><FONT COLOR="#000000"> \
</FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt; </FONT></FONT><BR>
    <FONT SIZE="2"><FONT COLOR="#000000">&gt;&gt; Daniel B. Thurman wrote: \
</FONT></FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt;&gt;&gt; Ok.... \
</FONT></FONT><BR>  <FONT SIZE="2"><FONT \
COLOR="#000000">&gt;&gt;&gt;</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  <FONT \
SIZE="2"><FONT COLOR="#000000">&gt;&gt;&gt; I tried: </FONT></FONT><BR>  <FONT \
SIZE="2"><FONT COLOR="#000000">&gt;&gt;&gt;</FONT></FONT><FONT COLOR="#000000"> \
</FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt;&gt;&gt; 1) grep execstack \
/var/log/audit/audit.log | audit2allow -m myphp </FONT></FONT><BR>  <FONT \
SIZE="2"><FONT COLOR="#000000">&gt;&gt;&gt;</FONT></FONT><FONT COLOR="#000000"> \
</FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt;&gt;&gt; module myphp 1.0; \
</FONT></FONT><BR>  <FONT SIZE="2"><FONT \
COLOR="#000000">&gt;&gt;&gt;</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  <FONT \
SIZE="2"><FONT COLOR="#000000">&gt;&gt;&gt; 2) semodule -i myphp.pp \
</FONT></FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt;&gt;&gt; semodule:&nbsp; \
Could not read file 'myphp.pp': No such file or</FONT></FONT><FONT COLOR="#000000"> \
</FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt;&gt; directory \
</FONT></FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt;&gt;&gt; Seems that the \
myphp.pp file is never created, at least I cannot </FONT></FONT><BR>  <FONT \
SIZE="2"><FONT COLOR="#000000">&gt;&gt;&gt; find it....</FONT></FONT><FONT \
COLOR="#000000"> </FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt;&gt; You want \
-M instead of -m as the argument to audit2allow AFAIK.</FONT></FONT><FONT \
COLOR="#000000"> </FONT><BR>  <FONT SIZE="2"><FONT \
COLOR="#000000">&gt;&gt;</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  <FONT \
SIZE="2"><FONT COLOR="#000000">&gt; </FONT></FONT><BR>  <FONT SIZE="2"><FONT \
COLOR="#000000">&gt; </FONT></FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt; \
ok... 3rd try:</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  <FONT SIZE="2"><FONT \
COLOR="#000000">&gt; </FONT></FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt; 1) \
grep execstack /var/log/audit/audit.log | audit2allow -M myphp</FONT></FONT><FONT \
COLOR="#000000"> </FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt; compilation \
failed:</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  <FONT SIZE="2"><FONT \
COLOR="#000000">&gt; (unknown source)::ERROR 'syntax error' at token '' on line \
6:</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  <FONT SIZE="2"><FONT \
COLOR="#000000">&gt; </FONT></FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt; \
</FONT></FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt; \
/usr/bin/checkmodule:&nbsp; error(s) encountered while parsing \
configuration</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  <FONT SIZE="2"><FONT \
COLOR="#000000">&gt; /usr/bin/checkmodule:&nbsp; loading policy configuration from \
myphp.te</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  <FONT SIZE="2"><FONT \
COLOR="#000000">&gt; </FONT></FONT><BR>  <FONT SIZE="2"><FONT COLOR="#000000">&gt; 2) \
semodule -i myphp.pp</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  <FONT \
SIZE="2"><FONT COLOR="#000000">&gt; semodule: Could not read file 'myphp.pp': No such \
file or directory</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  <FONT \
SIZE="2"><FONT COLOR="#000000">&gt; </FONT></FONT><BR>  <FONT SIZE="2"><FONT \
COLOR="#000000">&gt; </FONT></FONT><BR> </BLOCKQUOTE>
<BR>
<BLOCKQUOTE TYPE=CITE>
    <FONT SIZE="2"><FONT COLOR="#000000">Sorry Daniel, it was probably my typing that \
caused the problem.&nbsp; Could</FONT></FONT><FONT COLOR="#000000"> </FONT><BR>  \
<FONT SIZE="2"><FONT COLOR="#000000">you attach the myphp.te file that audit2allow \
created?</FONT></FONT><BR> </BLOCKQUOTE>
<BR>
OK, not much there but here is the attachment!<BR>
<BR>
</BODY>
</HTML>


["myphp.te" (myphp.te)]


module myphp 1.0;





--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic