Valdis.Kletnieks@vt.edu wrote:
On Wed, 28 Sep 2005 11:18:33 EDT, Daniel J Walsh said:
You need to add getattr and ioctl to your tty. I am adding it to Policy.
You could add
allow httpd_t tty_device_t:chr_file { getattr ioctl };
to local.te
Umm... you're not adding it to the shipping policy, are you? Is there any *real* usage (as opposed to simulating a hack-in) that httpd_t needs those two added?
These are only used when httpd_tty_comm is set, It is off by default. httpd_tty_comm is only required if you are using public keys that require a password to unlock. So when apache starts it prompts the admin for a password to unlock its certificates.