[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: Apache on FedoraCore1(Was Re: log_domain macro)
From:       Russell Coker <russell () coker ! com ! au>
Date:       2003-12-23 9:45:22
[Download RAW message or body]

On Tue, 23 Dec 2003 20:45, Yuichi Nakamura <himainu_ynakam@yahoo.co.jp> wrote:
> Russell Coker <russell@coker.com.au> wrote:
> > allow httpd_t httpd_t:netlink_socket { bind create getattr read write };
> > What is the reason for the above?
>
> It is added by using audit2allow.
> Apache seems to work without it,
> but in some case these permissions may be required.
> I don't know whether Apache really requires these permissions.

Until we know why Apache does that I will leave it out of my tree.  I suspect 
that you have some Apache module loaded which does it.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]