httpd avc denied problem

Arthur Stephens astephens at ptera.net
Thu Dec 2 18:27:28 UTC 2004 

I installed the policy sources on my fedora core 3. :)
Got to step one
Edit /etc/selinux/targeted/src/policy/file_contexts/file_contexts

There is no such file  :(
[root at webmail ~]# ls /etc/selinux/targeted/src/policy/file_contexts/
distros.fc  misc  program  types.fc
[root at webmail ~]#

Arthur Stephens
Sales Technician
Ptera Wireless Internet
astephens at ptera.net
509-927-Ptera

----- Original Message ----- 
From: "Karsten Wade" <kwade at redhat.com>
To: "Fedora SELinux support list for users & developers."
<fedora-selinux-list at redhat.com>
Sent: Tuesday, November 30, 2004 2:01 PM
Subject: Re: httpd avc denied problem


> On Tue, 2004-11-30 at 13:12, Karsten Wade wrote:
>
> >   chcon -R -t httpd_log_t /var/www/*/logs/*
> >   service httpd start
>
> BTW, if this works, you'll want to do something to make the change
> permanent.  Otherwise, the next running of restorecon will hose your
> configuration.
>
> Two options jump to mind:
>
> * Move the logs into a path that will receive httpd_log_t, i.e.,
> /var/logs/httpd/
>
> * Install the policy sources (yum install
> selinux-policy-targeted-sources), and do the following:
>
> 1. Edit /etc/selinux/targeted/src/policy/file_contexts/file_contexts
>
> 2. Add this line:
> /var/www/.*/logs(/.*)?            system_u:object_r:httpd_log_t
>
> Feel free to correct my regexp, but I think it's right. :)
>
> 3. In /etc/selinux/targeted/src/policy rebuild the policy with 'make
> load'.  This will build and load the new policy directly into memory.
>
> 4. If you now do restorecon, the /var/www/*/logs directories should get
> the proper context.
>
> Be aware that if you make another change to SELinux, especially using
> system-config-securitylevel, the file /.autorelabel may get created.
> That triggers a relabeling on reboot, and may hose any manual
> customizations not fixed in policy.
>
> - Karsten
> -- 
> Karsten Wade, RHCE, Tech Writer
> a lemon is just a melon in disguise
> http://people.redhat.com/kwade/
> gpg fingerprint: 2680 DBFD D968 3141 0115  5F1B D992 0E06 AD0E 0C41
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list

More information about the fedora-selinux-list mailing list