SELinux/httpd integration

Joe Orton jorton at redhat.com
Wed Nov 17 11:29:19 UTC 2004


On Tue, Nov 16, 2004 at 03:35:49PM -0500, Daniel J Walsh wrote:
> Joe Orton wrote:
> >httpd_t *cannot* write to anything labelled with httpd_sys_content_t by
> >default, surely - that's the whole problem?
> >
> >When I set up /var/www/svn as above, I get AVC messages like:
> >
> >audit(1100636258.341:0): avc:  denied  { write } for  pid=21318 
> >exe=/usr/sbin/httpd name=__db.001 dev=hda2 ino=3169309 
> >scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_sys_content_t 
> >tclass=file
>
> Policy has been updated to allow this.  Please update to 
> selinux-policy-targeted-1.17.30-2.26 or greater.

The same using a fresh Raw Hide install from yesterday,
selinux-policy-targeted-1.19.1-9:

audit(1100690797.204:0): avc:  denied  { write } for  pid=2388 
exe=/usr/sbin/httpd name=__db.001 dev=md0 ino=1194146 
scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:httpd_sys_content_t tclass=file

joe
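
An added example, not part of the original message or of any SELinux tool: a small parser for the AVC records quoted in this thread. It rejoins the mail-wrapped lines and groups denials by source type, target type, class and permission, so both reports reduce to the same httpd_t / httpd_sys_content_t write denial even though their user fields differ. The function names are hypothetical; the sample records are copied from the thread.

```python
import re
from collections import Counter

# The two denials quoted in this thread, wrapped as they appear in the mail.
SAMPLE = """\
audit(1100636258.341:0): avc:  denied  { write } for  pid=21318
exe=/usr/sbin/httpd name=__db.001 dev=hda2 ino=3169309
scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_sys_content_t
tclass=file
audit(1100690797.204:0): avc:  denied  { write } for  pid=2388
exe=/usr/sbin/httpd name=__db.001 dev=md0 ino=1194146
scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:httpd_sys_content_t tclass=file
"""

RECORD_START = re.compile(r"^audit\((\d+\.\d+):(\d+)\):")
AVC = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")

def unwrap(text):
    """Rejoin records that a mail client wrapped across several lines."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if RECORD_START.match(line) or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def parse(record):
    """Return the fields of one AVC record as a dict, or None if it is not one."""
    head, m = RECORD_START.match(record), AVC.search(record)
    if not (head and m):
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    if not fields.keys() >= {"scontext", "tcontext", "tclass"}:
        return None
    # A context is user:role:type (an MLS range may follow); keep only the type.
    stype, ttype = (fields[k].split(":")[2] for k in ("scontext", "tcontext"))
    return {**fields, "result": m.group(1), "perms": tuple(m.group(2).split()),
            "stype": stype, "ttype": ttype}

def summarize(text):
    """Count denials by (source type, target type, class, permissions)."""
    counts = Counter()
    for rec in map(parse, unwrap(text)):
        if rec and rec["result"] == "denied":
            counts[(rec["stype"], rec["ttype"], rec["tclass"], rec["perms"])] += 1
    return counts
```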



