Simulating a hacker attack
Daniel J Walsh
dwalsh at redhat.com
Thu Sep 29 12:44:35 UTC 2005
Valdis.Kletnieks at vt.edu wrote:
>On Wed, 28 Sep 2005 11:18:33 EDT, Daniel J Walsh said:
>
>
>
>>You need to add getattr and ioctl to your tty. I am adding it to Policy.
>>
>>You could add
>>
>>allow httpd_t tty_device_t:chr_file { getattr ioctl };
>>
>>to local.te
>>
>>
>
>Umm... you're not adding it to the shipping policy, are you? Is there any
>*real* usage (as opposed to simulating a hack-in) that httpd_t needs those
>two added?
>
>
These are only used when httpd_tty_comm is set, It is off by default.
httpd_tty_comm is only required if you
are using public keys that require a password to unlock. So when apache
starts it prompts the admin for a password
to unlock its certificates.
--
More information about the fedora-selinux-list
mailing list