| Summary: | SnortSnarf SELinux Policy | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Robert Paskowitz (RETIRED) <r2d2> |
| Component: | Hardened | Assignee: | Chris PeBenito (RETIRED) <pebenito> |
| Status: | RESOLVED INVALID | ||
| Severity: | enhancement | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | SELinux Policy | ||
|
Description
Robert Paskowitz (RETIRED)
2004-06-27 09:18:05 UTC
Created attachment 34282 [details]
SELinux Policy
in the future, please attach the policy files as the individual text files, rather than a tarball Hmm, I don't see how this works. All of the allow sources are non-domains. For example:
allow snortsnarf_exec_t snort_log_t:dir { search };
This doesn't do anything, since snortsnarf_exec_t is not a domain. You'd need a snortsnarf_t domain, and a transition to it, at least. If you'd like to revise your policy, I can look at it further, otherwise I'll close this bug.
please reopen if you'd like to submit a revised policy. |