web-based chat server

Rahul Sundaram sundaram at redhat.com
Wed Aug 17 21:26:23 UTC 2005 

Eric Tanguy wrote:

>Le mercredi 17 août 2005 à 19:10 +0200, Eric Tanguy a écrit :
>  
>
>>Le mercredi 17 août 2005 à 12:35 +0100, Paul Howarth a écrit :
>>    
>>
>>>Eric Tanguy wrote:
>>>      
>>>
>>>>Le mercredi 17 août 2005 à 12:37 +0200, Eric Tanguy a écrit :
>>>>
>>>>        
>>>>
>>>>>Le mardi 16 août 2005 à 15:00 +0200, Alexander Dalloz a écrit :
>>>>>
>>>>>          
>>>>>
>>>>>>Am Di, den 16.08.2005 schrieb Eric Tanguy um 13:45:
>>>>>>
>>>>>>
>>>>>>            
>>>>>>
>>>>>>>Ok thanks you are are right. Do you know a good irc server for FC4
>>>>>>>available by repo or at least rpm ?
>>>>>>>              
>>>>>>>
>>>>>>>Eric Tanguy | Nantes, France 
>>>>>>>              
>>>>>>>
>>>>>>Maybe http://yarrow.freshrpms.net/rpm.html?id=740 is a good starting
>>>>>>point. Fetch the src.rpm, update the spec to use the current release and
>>>>>>rebuild the rpm. (I can not recommend one IRC server over the other; was
>>>>>>always only a client user.)
>>>>>>
>>>>>>Alexander
>>>>>>
>>>>>>            
>>>>>>
>>>>>In fact it seems too difficult for me to adpat this spec to the
>>>>>irc-hybrid current version. So i downloaded
>>>>>http://prdownloads.sourceforge.net/ircd-hybrid/ircd-hybrid-7.1.1.tgz and
>>>>>use the spec file in it (in contrib) and all is fine. Very easy to
>>>>>configure and i was able connect to my irc server using xchat but i was
>>>>>unable to connect to it using cgiirc http://cgiirc.sourceforge.net/ i
>>>>>obtained a permission denied on the web page but if i disabled selinux i
>>>>>was able to connect. So i went to selinux parameters and activate "Allow
>>>>>HTTPD scripts to connect to the network". And now i can connect to my
>>>>>irc server. But i still have some problems with cgiirc ( i can connect
>>>>>and see what is said but i can't have any action). I will go further
>>>>>next week. Hope this can help.
>>>>>
>>>>>
>>>>>          
>>>>>
>>>>If i disable selinux i can edit options view help and chat. So there is
>>>>still some problem with selinux context. If someone have an idea ?
>>>>        
>>>>
>>>As always with SELinux issues, look for the avc messages in 
>>>/var/log/messages, or /var/log/audit/audit.log if you're running auditd.
>>>
>>>Paul.
>>>
>>>      
>>>
>>thanks but it's quite difficult to understand /var/log/audit/audit.log!
>>The only lines i found in this file refering my problem (i think ...)
>>are : 
>>type=AVC msg=audit(1124298167.251:3778508): avc:  denied  { read } for
>>pid=3907 comm="irc.cgi" name="formats" dev=dm-0 ino=8323109
>>scontext=system_u:system_r:httpd_sys_script_t
>>tcontext=system_u:object_r:httpd_sys_script_exec_t tclass=dir
>>type=SYSCALL msg=audit(1124298167.251:3778508): arch=40000003 syscall=5
>>success=no exit=-13 a0=94586b8 a1=18800 a2=94586b8 a3=9430fe0 items=1
>>pid=3907 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
>>sgid=48 fsgid=48 comm="irc.cgi" exe="/usr/bin/perl"
>>type=CWD msg=audit(1124298167.251:3778508):
>>cwd="/var/www/cgi-bin/cgiirc"
>>type=PATH msg=audit(1124298167.251:3778508): item=0 name="formats"
>>flags=103  inode=8323109 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
>>type=AVC msg=audit(1124298171.144:3812320): avc:  denied  { connectto }
>>for  pid=3922 comm="client-perl.cgi" name="sock"
>>scontext=system_u:system_r:httpd_sys_script_t
>>tcontext=system_u:system_r:httpd_sys_script_t tclass=unix_stream_socket
>>type=SYSCALL msg=audit(1124298171.144:3812320): arch=40000003
>>syscall=102 success=no exit=-13 a0=3 a1=bfc86690 a2=45b3bc0 a3=6e
>>items=1 pid=3922 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48
>>egid=48 sgid=48 fsgid=48 comm="client-perl.cgi" exe="/usr/bin/perl"
>>type=AVC_PATH msg=audit(1124298171.144:3812320):
>>path="/tmp/cgiirc-0coinr388dt/sock"
>>type=SOCKADDR msg=audit(1124298171.144:3812320):
>>saddr=01002F746D702F6367696972632D30636F696E7233383864742F736F636B0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
>>
>>But i can't understand where is the problem.
>>If someone could help me ...
>>Thanks
>>
>>    
>>
>Noone can help me to understand that ? Or say me where can i find a
>document explaining the audit messages ? Have i to disable definitely
>selinux ?
>
You might get better help posting to fedora-selinux list instead
regards
Rahul

More information about the fedora-list mailing list