2005/03/24 on Yano's digital garage https://www.bravotouring.com/~yano/archives/2005/03/24/ Recent content in 2005/03/24 on Yano's digital garage Hugo en-us Thu, 24 Mar 2005 00:00:00 +0900 メール送信フォーム復旧 https://www.bravotouring.com/~yano/diary/it/20050324.htm Thu, 24 Mar 2005 00:00:00 +0900 https://www.bravotouring.com/~yano/diary/it/20050324.htm <p>地震の影響では無く、年明けに新サーバーを導入したところでの移行漏れだ。情けな〜。</p> <p>バックアップから<span class="Path">wwwmail.cgi</span>を導入。しかし入れただけはうまくいかないのが<span class="Software">SELinux</span>の定めだ。permissiveモードに切替えて動作を確認し、<span class="Software">"audit2allow -d -l"</span>の出力をセキュリティポリシーに追加しなければならない。</p> <p>で<span class="Path">/etc/selinux/targeted/src/policy/domains/program/apache.te</span>の差分は以下のとおりとなった。<blockquote class="Log">allow httpd_suexec_t user_home_dir_t:dir search;<br/>allow httpd_suexec_t user_home_t:dir { add_name remove_name getattr search write };<br/>allow httpd_suexec_t user_home_t:file { execute execute_no_trans getattr ioctl read rename append create unlink write };<br/><span class="Strong">allow httpd_suexec_t tmpfs_t:dir search;<br/>allow httpd_sys_script_t tmpfs_t:dir search;</span><br/>allow httpd_sys_script_t devpts_t:chr_file { read write };<br/>allow httpd_sys_script_t httpd_sys_script_exec_t:dir { read add_name remove_name write };<br/>allow httpd_sys_script_t httpd_sys_script_exec_t:file { create unlink write };<br/>allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read;<br/>allow httpd_sys_script_t var_t:dir { add_name remove_name write };<br/>allow httpd_sys_script_t var_t:fifo_file write;<br/>allow httpd_sys_script_t var_t:file { create execute execute_no_trans getattr link read unlink write };<br/>allow httpd_t httpd_sys_script_exec_t:lnk_file read;<br/>allow httpd_t user_home_t:dir { getattr search };<br/>allow httpd_t user_home_t:file { getattr read };</blockquote></p>