Selinux and awstats [Solved]
Daniel J Walsh
dwalsh at redhat.com
Fri Jul 18 14:02:55 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Claude Jones wrote:
> On Thursday 10 July 2008 12:08:28 Claude Jones wrote:
>> On Thursday 10 July 2008 11:31:48 Daniel J Walsh wrote:
>>> Sorry about the path problems.
>> no problem
>>
>>> If matchpathcon returns no errors, you should be fine now.
>> # matchpathcon /var/lib/awstats
>> /var/lib/awstats system_u:object_r:awstats_var_lib_t
>>
>> As you can see above, it appears to be good. Thanks as always
>> for your help.
>
> Dan: A final report. After rebooting several times, and running
> smart many times, both of which used to produce many lines of the
> awstats/selinux messages, I think I can safely say that the
> problem has been solved. I wish I understood what your commands
> did, exactly - if you have a little time to respond to this, I
> would really appreciate a synopsis of your diagnosis and cure. I
> guess that somehow, two different policies were generated with
> regard to awstats, and that's what you were detecting with the
> matchpathcon command? Is that a fair understanding from my read
> of the man page? The semodule -B command was to force a rewrite
> of the policy, though I'm not sure to what end, as I read it...
> And somehow, you found and had me erase the multiple contexts?
>
>
Yes I believe you or some package added the second file context entry,
which was causing your problem. The tools were some how borked for
removing the entry.
semodule -B
Basically reassembled the policy and moved the contents of
/etc/selinux/targeted/modules/active to /etc/selinux/targeted/contexts
So once we fully removed the context from the local modifications we
wanted to make sure the system files were correct.
semanage fcontext -d PATH
Should have done this for us, but something on your system was not
working correctly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkiAoo8ACgkQrlYvE4MpobMDDQCdF57z4E6QwtQwfkuDjQvZMkBW
87wAoI3ylI1zNoerJP5lUWvERTjgfkfe
=tMRh
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list