Selinux and awstats [Solved]
Daniel J Walsh
dwalsh at redhat.com
Fri Jul 18 14:02:55 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Claude Jones wrote:
> On Thursday 10 July 2008 12:08:28 Claude Jones wrote:
>> On Thursday 10 July 2008 11:31:48 Daniel J Walsh wrote:
>>> Sorry about the path problems.
>> no problem
>>> If matchpathcon returns no errors, you should be fine now.
>> # matchpathcon /var/lib/awstats
>> /var/lib/awstats system_u:object_r:awstats_var_lib_t
>> As you can see above, it appears to be good. Thanks as always
>> for your help.
> Dan: A final report. After rebooting several times, and running
> smart many times, both of which used to produce many lines of the
> awstats/selinux messages, I think I can safely say that the
> problem has been solved. I wish I understood what your commands
> did, exactly - if you have a little time to respond to this, I
> would really appreciate a synopsis of your diagnosis and cure. I
> guess that somehow, two different policies were generated with
> regard to awstats, and that's what you were detecting with the
> matchpathcon command? Is that a fair understanding from my read
> of the man page? The semodule -B command was to force a rewrite
> of the policy, though I'm not sure to what end, as I read it...
> And somehow, you found and had me erase the multiple contexts?
Yes I believe you or some package added the second file context entry,
which was causing your problem. The tools were some how borked for
removing the entry.
Basically reassembled the policy and moved the contents of
/etc/selinux/targeted/modules/active to /etc/selinux/targeted/contexts
So once we fully removed the context from the local modifications we
wanted to make sure the system files were correct.
semanage fcontext -d PATH
Should have done this for us, but something on your system was not
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the fedora-list