Curious Behavior doing routine redirection of ping output to (selinux: message 2 of 12) file...
Daniel J Walsh
dwalsh at redhat.com
Thu Dec 22 20:29:24 UTC 2005
selinux.funchords at spameater.org wrote:
> Richard Hally - rhally at mindspring.com wrote:
>
>> Looks like you need to download the corresponding source for the
>> policy you are running e.g. selinux-policy-targeted-source for that
>> audit2allow and make load to work.
>
> ... and that works! Thanks!
>
> Any idea why the rule is needed for a redirection by a ping command
> run by the root account? And if this is a FAQ, where is the best
> place to cut my teeth on this?
>
ping runs under the ping_t domain and it is not allowed to write to the
home dir. When you redirect in shell, shell has the application open
the file which is not allowed. A hack to get around this problem is
ping XYZ | cat > /home/dwalsh/myping
--
More information about the fedora-selinux-list
mailing list