[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-selinux-list
Subject: Re: [F8] (Re)Starting httpd reveals php pdf.so stack
From: "Daniel B. Thurman" <dant () cdkkt ! com>
Date: 2008-02-19 15:02:49
Message-ID: 1203433369.21982.20.camel () gold ! cdkkt ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On Tue, 2008-02-19 at 06:52 -0800, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Daniel B. Thurman wrote:
> > On Mon, 2008-02-18 at 17:14 -0800, Todd Zullinger wrote:
> >
> >> Daniel B. Thurman wrote:
> >>> Ok....
> >>>
> >>> I tried:
> >>>
> >>> 1) grep execstack /var/log/audit/audit.log | audit2allow -m myphp
> >>>
> >>> module myphp 1.0;
> >>>
> >>> 2) semodule -i myphp.pp
> >>> semodule: Could not read file 'myphp.pp': No such file or
> >> directory
> >>> Seems that the myphp.pp file is never created, at least I cannot
> >>> find it....
> >> You want -M instead of -m as the argument to audit2allow AFAIK.
> >>
> >
> >
> > ok... 3rd try:
> >
> > 1) grep execstack /var/log/audit/audit.log | audit2allow -M myphp
> > compilation failed:
> > (unknown source)::ERROR 'syntax error' at token '' on line 6:
> >
> >
> > /usr/bin/checkmodule: error(s) encountered while parsing
> configuration
> > /usr/bin/checkmodule: loading policy configuration from myphp.te
> >
> > 2) semodule -i myphp.pp
> > semodule: Could not read file 'myphp.pp': No such file or directory
> >
> >
> Sorry Daniel, it was probably my typing that caused the problem.
> Could
> you attach the myphp.te file that audit2allow created?
OK, not much there but here is the attachment!
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.16.3">
<TITLE>Re: [F8] (Re)Starting httpd reveals php pdf.so stack permission \
errors...</TITLE> </HEAD>
<BODY>
<BR>
On Tue, 2008-02-19 at 06:52 -0800, Daniel J Walsh wrote:<BR>
<BLOCKQUOTE TYPE=CITE>
<FONT SIZE="2"><FONT COLOR="#000000">-----BEGIN PGP SIGNED \
MESSAGE-----</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT \
COLOR="#000000">Hash: SHA1</FONT></FONT><BR> <BR>
<FONT SIZE="2"><FONT COLOR="#000000">Daniel B. Thurman wrote:</FONT></FONT><FONT \
COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> On Mon, \
2008-02-18 at 17:14 -0800, Todd Zullinger wrote:</FONT></FONT><FONT COLOR="#000000"> \
</FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> </FONT></FONT><BR>
<FONT SIZE="2"><FONT COLOR="#000000">>> Daniel B. Thurman wrote: \
</FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">>>> Ok.... \
</FONT></FONT><BR> <FONT SIZE="2"><FONT \
COLOR="#000000">>>></FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT \
SIZE="2"><FONT COLOR="#000000">>>> I tried: </FONT></FONT><BR> <FONT \
SIZE="2"><FONT COLOR="#000000">>>></FONT></FONT><FONT COLOR="#000000"> \
</FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">>>> 1) grep execstack \
/var/log/audit/audit.log | audit2allow -m myphp </FONT></FONT><BR> <FONT \
SIZE="2"><FONT COLOR="#000000">>>></FONT></FONT><FONT COLOR="#000000"> \
</FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">>>> module myphp 1.0; \
</FONT></FONT><BR> <FONT SIZE="2"><FONT \
COLOR="#000000">>>></FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT \
SIZE="2"><FONT COLOR="#000000">>>> 2) semodule -i myphp.pp \
</FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">>>> semodule: \
Could not read file 'myphp.pp': No such file or</FONT></FONT><FONT COLOR="#000000"> \
</FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">>> directory \
</FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">>>> Seems that the \
myphp.pp file is never created, at least I cannot </FONT></FONT><BR> <FONT \
SIZE="2"><FONT COLOR="#000000">>>> find it....</FONT></FONT><FONT \
COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">>> You want \
-M instead of -m as the argument to audit2allow AFAIK.</FONT></FONT><FONT \
COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT \
COLOR="#000000">>></FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT \
SIZE="2"><FONT COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT \
COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> \
ok... 3rd try:</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT \
COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> 1) \
grep execstack /var/log/audit/audit.log | audit2allow -M myphp</FONT></FONT><FONT \
COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> compilation \
failed:</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT \
COLOR="#000000">> (unknown source)::ERROR 'syntax error' at token '' on line \
6:</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT \
COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> \
</FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> \
/usr/bin/checkmodule: error(s) encountered while parsing \
configuration</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT \
COLOR="#000000">> /usr/bin/checkmodule: loading policy configuration from \
myphp.te</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT SIZE="2"><FONT \
COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT COLOR="#000000">> 2) \
semodule -i myphp.pp</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT \
SIZE="2"><FONT COLOR="#000000">> semodule: Could not read file 'myphp.pp': No such \
file or directory</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> <FONT \
SIZE="2"><FONT COLOR="#000000">> </FONT></FONT><BR> <FONT SIZE="2"><FONT \
COLOR="#000000">> </FONT></FONT><BR> </BLOCKQUOTE>
<BR>
<BLOCKQUOTE TYPE=CITE>
<FONT SIZE="2"><FONT COLOR="#000000">Sorry Daniel, it was probably my typing that \
caused the problem. Could</FONT></FONT><FONT COLOR="#000000"> </FONT><BR> \
<FONT SIZE="2"><FONT COLOR="#000000">you attach the myphp.te file that audit2allow \
created?</FONT></FONT><BR> </BLOCKQUOTE>
<BR>
OK, not much there but here is the attachment!<BR>
<BR>
</BODY>
</HTML>
["myphp.te" (myphp.te)]
module myphp 1.0;
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic