MySQL+Selinux problem

Daniel J Walsh dwalsh at redhat.com
Tue Apr 12 14:28:33 UTC 2005 

Stephen Smalley wrote:

>On Tue, 2005-04-12 at 15:09 +0800, Michael Calizo wrote:
>  
>
>>Hi,
>>
>>I have been banging my head to resolve this SELinux+MySQL problem on
>>fedora Core 3.
>>
>>I followed this steps from this
>>list:https://www.redhat.com/archives/fedora-selinux-list/2004-November/msg00015.html
>>
>>   * Install selinux-policy-targeted-sources.
>>   * yum install selinux-policy-targeted-sources
>>   * cd /etc/selinux/targeted/src/policy
>>   * echo "allow httpd_t var_lib_t:sock_file rw_socket_perms;" >
>>     domains/program/httpd_socket.te
>>   * make load
>>
>>After  make load i get this error:
>>yada yada yada ....
>>Compiling policy ...
>>/usr/bin/checkpolicy  -o /etc/selinux/strict/policy/policy.19 policy.conf
>>/usr/bin/checkpolicy:  loading policy configuration from policy.conf
>>security:  3 users, 5 roles, 1304 types, 58 bools
>>security:  55 classes, 388377 rules
>>/usr/bin/checkpolicy:  policy configuration loaded
>>/usr/bin/checkpolicy:  writing binary representation (version 19) to
>>/etc/selinux/strict/policy/policy.19
>>/usr/bin/checkpolicy -c 18 -o /etc/selinux/strict/policy/policy.18 policy.conf
>>/usr/bin/checkpolicy:  loading policy configuration from policy.conf
>>security:  3 users, 5 roles, 1304 types, 58 bools
>>security:  55 classes, 388377 rules
>>/usr/bin/checkpolicy:  policy configuration loaded
>>/usr/bin/checkpolicy:  writing binary representation (version 18) to
>>/etc/selinux/strict/policy/policy.18
>>make: *** No rule to make target
>>`file_contexts/program/httpd_socket.fc', needed by
>>`file_contexts/file_contexts'.  Stop.
>>
>>Im stuck with this error and i dont know what to do next. Any insights
>>are welcome and appreciated.
>>    
>>
>
>The policy Makefile expects a .fc file to exist for every .te file under
>domains/program.  Hence, you have two choices:
>1) Move httpd_socket.te from domains/program to domains/misc.  This is
>preferable anyway, and convention has been to put such rules in
>domains/misc/local.te to reduce the risk that your file will ever
>conflict with a file in the main policy package. -or-
>2) Leave httpd_socket.te under domains/program but touch
>file_contexts/program/httpd_socket.fc, creating an empty file with that
>name to satisfy the policy Makefile.
>
>I'd favor #1.
>
>  
>
Have you updated to the latest policy available for FC3.  This problem I 
believe has
been fixed for a long time.

Dan

--

More information about the fedora-selinux-list mailing list