On Wed, 2010-04-07 at 23:01 +0200, Dominick Grift wrote:
On Wed, Apr 07, 2010 at 09:51:24PM +0100, Arthur Dent wrote:
On Wed, 2010-04-07 at 22:26 +0200, Dominick Grift wrote:
On Wed, Apr 07, 2010 at 08:02:21PM +0100, Arthur Dent wrote:
On Wed, 2010-04-07 at 18:45 +0200, Dominick Grift wrote:
On Wed, Apr 07, 2010 at 03:23:55PM +0100, Arthur Dent wrote:
Hello all,
Have I missed something or misunderstood something?
Yes it seems that the domain transition did not happen. are the modules installed:
semodule -l | grep myapache semodule -l | grep mlogc
# semodule -l | grep myapache myapache 1.0.0
# semodule -l | grep mlogc mlogc 1.0.0
Is the context of mlogc executable file proper?
ls -alZ /usr/bin/mlogc
# ls -alZ /usr/bin/mlogc -rwxr-xr-x. root root system_u:object_r:mlogc_exec_t:s0 /usr/bin/mlogc
Something seems to have gone not as planned
Well all of that seems OK - I'm not sure why it's not working?
Thanks for your help so far though - it's much appreciated...
You could try to remove the optional_policy(` tag and its closing ') tag, that might expose any errors if you build without those.
can you paste you modules? so that i can review them?
# cat mlogc.te policy_module(mlogc, 1.0.0)
type mlogc_t; type mlogc_exec_t; application_domain(mlogc_t, mlogc_exec_t)
role system_r types mlogc_t; permissive mlogc_t;
####################################################################
# cat mlogc.fc /usr/bin/mlogc -- gen_context(system_u:object_r:mlogc_exec_t, s0)
####################################################################
# cat mlogc.if ## <summary>The ModSecurity Log Collector</summary>
######################################## ## <summary> ## Execute MLOGC in the MLOGC domain. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`mlogc_domtrans',` gen_require(` type mlogc_t, mlogc_exec_t; ')
corecmd_search_bin($1) domtrans_pattern($1, mlogc_exec_t, mlogc_t) ')
####################################################################
# cat myapche.te policy_module(myapache, 1.0.0) optional_policy(` gen_require(` type httpd_t; ')
mlogc_domtrans(httpd_t) ')
####################################################################
Is that right?
Thank again. I do appreciate your help.
Mark