Selinux woes

Dan Track dan.track at gmail.com
Thu Jul 27 10:47:19 UTC 2006


On 7/27/06, Paul Howarth <paul at city-fan.org> wrote:
> Dan Track wrote:
> > On 7/27/06, Paul Howarth <paul at city-fan.org> wrote:
> >> Dan Track wrote:
> >> > Hi All
> >> >
> >> > I'm having trouble running software, especially the cgi scripts. I
> >> > keep getting the following denial messages:
> >> >
> >> > audit(1153994541.663:20): avc:  denied  { execute_no_trans } for
> >> > pid=9258 comm="httpd" name="status.cgi" dev=sda2 ino=19426
> >> > scontext=root:system_r:httpd_t tcontext=system_u:object_r:lib_t
> >> > tclass=file
> >> >
> >> > The files are located in /usr/lib/nagios/cgi/
> >> >
> >> > Could someone please help me figure this out? I've started to read
> >> > through the selinux manual but it's a huge climb and would appreciate
> >> > ways to solve the above.
> >>
> >> You should read "man httpd_selinux", which has notes on running CGI
> >> programs under SELinux.
> >>
> >> You generally need to set the SELinux context type of CGI programs to
> >> httpd_sys_script_exec_t:
> >>
> >> # chcon -R -t httpd_sys_script_exec_t /usr/lib/nagios/cgi
> >>
> >> Is this the nagios version in Fedora Extras? If it is, failure to work
> >> with SELinux enabled should be bugzilla-ed.
> >>
> >> Paul.
> >>
> > Hi Paul,
> >
> > Thanks for the reply. I managed the above before I read your message.
> > Thanks for the heads up though. Would you be able to help on the next
> > "search" error message?
>
> It's being denied access to search the /var/log directory to see what's
> in it.
>
> > Just to add this is a nagios install from source.
>
> Is there some particular reason you're not using the package in Extras,
> which *may* have solved these problems already?
>

Hi Paul

I downloaded the latest version from nagios. I didn't see the latest
version in the repository.

Would you know what command to run to fix this problem? I ran audit2allow
and inserted the rules in local.te, and ran make. I restarted the
httpd, nagios and syslog daemons but still no joy.

Any ideas?

Thanks in advance
Dan
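
An added example, not part of the original messages: a small parser for the AVC denial format quoted in this thread, which separates the mislabelled-CGI case (fixed with the chcon command Paul gives) from denials that need a policy decision. The second record, the `triage` helper and its return labels are constructed for illustration.

```python
import re

# Denial record copied from the thread (wrapped lines joined).
THREAD_DENIAL = (
    'audit(1153994541.663:20): avc:  denied  { execute_no_trans } for '
    'pid=9258 comm="httpd" name="status.cgi" dev=sda2 ino=19426 '
    'scontext=root:system_r:httpd_t tcontext=system_u:object_r:lib_t '
    'tclass=file'
)
# Constructed sample (not from the thread) of a "search" denial on /var/log.
CONSTRUCTED_SEARCH = (
    'audit(1153994600.000:21): avc:  denied  { search } for '
    'pid=9301 comm="status.cgi" name="log" dev=sda2 ino=1234 '
    'scontext=root:system_r:httpd_sys_script_t '
    'tcontext=system_u:object_r:var_log_t tclass=dir'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of the denial's fields, or None if it is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type (an MLS level may follow); keep the type.
    for key in ('scontext', 'tcontext'):
        rec[key + '_type'] = rec[key].split(':')[2]
    return rec

def triage(rec):
    """Hypothetical helper: tell labelling problems apart from policy questions."""
    exec_perms = {'execute', 'execute_no_trans'}
    if (rec['scontext_type'] == 'httpd_t' and rec['tclass'] == 'file'
            and exec_perms & set(rec['perms'])
            and rec['tcontext_type'] != 'httpd_sys_script_exec_t'):
        return 'relabel'       # chcon -R -t httpd_sys_script_exec_t <cgi dir>
    return 'review-policy'     # not a CGI labelling issue; review before allowing

if __name__ == '__main__':
    for line in (THREAD_DENIAL, CONSTRUCTED_SEARCH):
        rec = parse_avc(line)
        print(rec['name'], rec['perms'], rec['tcontext_type'], '->', triage(rec))
```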



