no avc denial for httpd_tty_comm checks ???

Zing shishz at hotpop.com
Sat Sep 9 19:44:12 UTC 2006


On Sat, 09 Sep 2006 03:57:14 -0700, Steve G wrote:

> 
>>That's fine, but the first thing I checked was "aureport --failed -a" 
>>and it was silent about anything failing...
> 
> What aureport considers a failure is syscalls that fail. For example, if
> you have your system in permissive mode, the syscall associated with any
> avcs would actually succeed. If you take the --failed flag away, do you
> see the expected avc being reported?

Sorry, looks the same.

I double-checked I am in enforcing and targeted policy mode and just tried
again and still nothing.  I can basically "setsebool httpd_tty_comm 0" and
get this error in apache ssl_error_log:

[Sat Sep 09 15:34:52 2006] [error] Init: Unable to read pass phrase [Hint: key introduced or changed before restart?]
[Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218710120 error:0D094068:asn1 encoding routines:d2i_ASN1_SET:bad tag
[Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
[Sat Sep 09 15:34:52 2006] [error] SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

and nothing in "aureport -a", then "setsebool httpd_tty_comm 1" and apache
will prompt accordingly and start up.

zing



