Joe,
here's may ssl.conf... I hope this helps. j3d.
On Fri, 2004-12-17 at 09:55 +0000, Joe Orton wrote:
On Thu, Dec 16, 2004 at 10:50:56PM -0500, Daniel J Walsh wrote:
Giuseppe Greco wrote:
done... and now I get
audit(1103229440.677.0): avc: denied { unlink } for pid=2671 exe=/usr/sbin/httpd name=ssl_mutex.2670 dev=dm-6 ino=192037 scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t tclass=file
Giuseppe, can you post your /etc/httpd/conf.d/ssl.conf? This shouldn't happen in the default mod_ssl configuration.
ugh,
Where is this mutex file being created? In the log dir? The probem with this is it allows a hacker to unlink all the log files, if I allow this rule.
mod_ssl (and various other bits of httpd) can be configured to use various types of semaphore: these will all be SysV semaphores in the default configuration, but in non-default configurations, can be files with fcntl locking. So the rule shouldn't be needed by default, I'm confused why people are seeing this.
joe
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list