Why does this get denied?
Andy Smith
andy at strugglers.net
Mon Dec 20 16:32:11 UTC 2004
Hi,
Firstly apologies if what I'm about to ask is obvious, I'm kind of
new to selinux and I'm trying to read the relevant docs but I don't
understand something. If what I ask is covered in a document then
I'd appreciate a pointer.
Okay so I just installed apache from RPM on fedora core 3 and when I
try to start it I get the following:
# service httpd start
Starting httpd: Syntax error on line 266 of
/etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
In /var/log/messages:
Dec 20 16:28:32 becks kernel: audit(1103560112.198:0): avc: denied
{ search } for pid=27331 exe=/usr/sbin/httpd name=/ dev=dm-1 ino=2
scontext=root:system_r:httpd_t tcontext=system_u:object_r:file_t
tclass=dir
I am using the targeted policy.
Now, the only thing I have changed is, instead of having my document
root be /var/www/html I've put it in /data/www. I edited
/etc/selinux/targeted/src/policy/file_contexts/program/apache.fc to
reflect the fact that my content is in a different place and did do
a restorecon to relabel things under /data.
What I don't understand is the reference to /. Why is selinux
denying httpd searching /? This is a new install and selinux has
been enabled from the start so / should be labelled correctly..
What am I missing?
Thanks,
Andy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20041220/0f099d3d/attachment.sig>
More information about the fedora-selinux-list
mailing list