Big brother and httpd
Tom Diehl
tdiehl at rogueind.com
Sun Jun 26 12:35:57 UTC 2005
On Sun, 26 Jun 2005, James Z. Li wrote:
>
> On 6/25/05, Tom Diehl <tdiehl at rogueind.com> wrote:
> > Hi,
> >
> > I am trying to get Big Brother working on EL4. I have the following in
> > the httpd.conf
> >
> > Alias /bb /home/bb/bb/www
> >
> > With SELinux enabled I get the following in the logs when I try to access
> > the BB web page:
> > Jun 25 18:44:24 pocono kernel: audit(1119739464.262:0): avc: denied { search } for pid=20700 comm=httpd name=bb dev=dm-1 ino=6406600 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=dir
> > Jun 25 18:44:24 pocono kernel: audit(1119739464.262:0): avc: denied { getattr } for pid=20700 comm=httpd path=/home/bb/bb dev=dm-1 ino=6406600 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=dir
> > Jun 25 18:44:27 pocono kernel: audit(1119739467.679:0): avc: denied { search } for pid=23158 comm=httpd name=bb dev=dm-1 ino=6406600 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=dir
> > Jun 25 18:44:27 pocono kernel: audit(1119739467.679:0): avc: denied { getattr } for pid=23158 comm=httpd path=/home/bb/bb dev=dm-1 ino=6406600 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=dir
> >
> > If I disable SELinux for apache, I can access the BB web pages just fine.
> >
> > I relabeled /home/bb/bb/www but I still get the errors.
> >
> > (pocono pts31) # ll -Z ~bb/bb/www
> > -rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-ack.sh
> > -rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-hist.sh
> > -rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-histlog.sh
> > -rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-hostsvc.sh
> > -rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-rep.sh
> > -rwxr-xr-x bb bb root:object_r:httpd_sys_content_t bb-replog.sh
> > -rw-rw-r-- bb bb user_u:object_r:user_home_t bb.html
> > -rw-rw-r-- bb bb user_u:object_r:user_home_t bb2.html
> > drwxr-xr-x bb bb root:object_r:httpd_sys_content_t gifs
> > drwxr-xr-x bb bb root:object_r:httpd_sys_content_t help
> > drwxr-xr-x bb bb root:object_r:httpd_sys_content_t html
> > -rw-r--r-- bb bb root:object_r:httpd_sys_content_t index.html
> > drwxr-xr-x bb bb root:object_r:httpd_sys_content_t newbldg
> > drwxr-xr-x bb bb root:object_r:httpd_sys_content_t notes
> > drwxrwxr-x bb apache root:object_r:httpd_sys_content_t rep
> > drwxr-xr-x bb bb root:object_r:httpd_sys_content_t reynolds
> > drwxr-xr-x bb bb root:object_r:httpd_sys_content_t rogueind
> > drwxr-xr-x bb bb root:object_r:httpd_sys_content_t routers
> > drwxr-xr-x bb bb root:object_r:httpd_sys_content_t xo
> > (pocono pts31) #
> >
> > I tried relabeling bb.html and bb2.html but they keep reverting to
> > user_u:object_r:user_home_t. I suspect this is my problem but I am new
> > to SELinux so I am not sure.
> >
> > Can someone suggest how to fix this??
> How did you relabel bb.html and bb2.html?
> Did you change the apache.fc file to label the files and dirs
> under /home/bb/bb/www, followed by "make load" and
> then "setfiles" / "restorecon"?
No, I did the following:
"chcon -R -h -t httpd_sys_content_t www"
I also tried "chcon -t httpd_sys_content_t bb.html"
I do not seem to have an apache.fc file.
Regards,
Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com
More information about the fedora-selinux-list
mailing list
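
Added example, not part of the original thread: a small Python parser for the AVC denial lines quoted above. It groups denials by source type, target type, class, device and inode, which makes it visible that the `search` and `getattr` denials name one object, the directory `/home/bb/bb` (inode 6406600) labelled `user_home_t`. The function names are choices made for this example, and `SAMPLE` holds two of the log lines copied from the thread.

```python
import re
from collections import defaultdict

# Two of the denial lines quoted in the thread, copied verbatim as sample input.
SAMPLE = """\
Jun 25 18:44:24 pocono kernel: audit(1119739464.262:0): avc: denied { search } for pid=20700 comm=httpd name=bb dev=dm-1 ino=6406600 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=dir
Jun 25 18:44:24 pocono kernel: audit(1119739464.262:0): avc: denied { getattr } for pid=20700 comm=httpd path=/home/bb/bb dev=dm-1 ino=6406600 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted

def se_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one AVC denial line into a dict; return None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "perms": m.group("perms").split(),
        "comm": f.get("comm"),
        "target": f.get("path") or f.get("name"),  # path= when known, else name=
        "dev": f.get("dev"),
        "ino": f.get("ino"),
        "source_type": se_type(f.get("scontext", "")),
        "target_type": se_type(f.get("tcontext", "")),
        "tclass": f.get("tclass"),
    }

def summarize(lines):
    """Group denials by (source type, target type, class, dev, inode)."""
    groups = defaultdict(lambda: {"perms": set(), "targets": set(), "count": 0})
    for d in filter(None, map(parse_avc, lines)):
        key = (d["source_type"], d["target_type"], d["tclass"], d["dev"], d["ino"])
        groups[key]["perms"].update(d["perms"])
        groups[key]["targets"].add(d["target"])
        groups[key]["count"] += 1
    return dict(groups)

if __name__ == "__main__":
    for key, g in summarize(SAMPLE.splitlines()).items():
        print(key, sorted(g["perms"]), sorted(g["targets"]), g["count"])
```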