Selinux and awstats [Solved]

Daniel J Walsh dwalsh at redhat.com
Fri Jul 18 14:02:55 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Claude Jones wrote:
> On Thursday 10 July 2008 12:08:28 Claude Jones wrote:
>> On Thursday 10 July 2008 11:31:48 Daniel J Walsh wrote:
>>> Sorry about the path problems.
>> no problem
>>
>>> If matchpathcon returns no errors, you should be fine now.
>> # matchpathcon /var/lib/awstats
>> /var/lib/awstats        system_u:object_r:awstats_var_lib_t
>>
>> As you can see above, it appears to be good. Thanks as always
>> for your help.
> 
> Dan: A final report. After rebooting several times, and running 
> smart many times, both of which used to produce many lines of the 
> awstats/selinux messages, I think I can safely say that the 
> problem has been solved. I wish I understood what your commands 
> did, exactly - if you have a little time to respond to this, I 
> would really appreciate a synopsis of your diagnosis and cure. I 
> guess that somehow, two different policies were generated with 
> regard to awstats, and that's what you were detecting with the 
> matchpathcon command? Is that a fair understanding from my read 
> of the man page? The semodule -B command was to force a rewrite 
> of the policy, though I'm not sure to what end, as I read it... 
> And somehow, you found and had me erase the multiple contexts?
> 
> 
Yes I believe you or some package added the second file context entry,
which was causing your problem. The tools were some how borked for
removing the entry.

semodule -B

Basically reassembled the policy and moved the contents of
/etc/selinux/targeted/modules/active to /etc/selinux/targeted/contexts

So once we fully removed the context from the local modifications we
wanted to make sure the system files were correct.

semanage fcontext -d PATH

Should have done this for us, but something on your system was not
working correctly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkiAoo8ACgkQrlYvE4MpobMDDQCdF57z4E6QwtQwfkuDjQvZMkBW
87wAoI3ylI1zNoerJP5lUWvERTjgfkfe
=tMRh
-----END PGP SIGNATURE-----

More information about the fedora-list mailing list