[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: MySQL+Selinux problem



Stephen Smalley wrote:

On Tue, 2005-04-12 at 15:09 +0800, Michael Calizo wrote:


Hi,

I have been banging my head to resolve this SELinux+MySQL problem on
fedora Core 3.

I followed this steps from this
list:https://www.redhat.com/archives/fedora-selinux-list/2004-November/msg00015.html

  * Install selinux-policy-targeted-sources.
  * yum install selinux-policy-targeted-sources
  * cd /etc/selinux/targeted/src/policy
  * echo "allow httpd_t var_lib_t:sock_file rw_socket_perms;" >
    domains/program/httpd_socket.te
  * make load

After  make load i get this error:
yada yada yada ....
Compiling policy ...
/usr/bin/checkpolicy  -o /etc/selinux/strict/policy/policy.19 policy.conf
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
security:  3 users, 5 roles, 1304 types, 58 bools
security:  55 classes, 388377 rules
/usr/bin/checkpolicy:  policy configuration loaded
/usr/bin/checkpolicy:  writing binary representation (version 19) to
/etc/selinux/strict/policy/policy.19
/usr/bin/checkpolicy -c 18 -o /etc/selinux/strict/policy/policy.18 policy.conf
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
security:  3 users, 5 roles, 1304 types, 58 bools
security:  55 classes, 388377 rules
/usr/bin/checkpolicy:  policy configuration loaded
/usr/bin/checkpolicy:  writing binary representation (version 18) to
/etc/selinux/strict/policy/policy.18
make: *** No rule to make target
`file_contexts/program/httpd_socket.fc', needed by
`file_contexts/file_contexts'.  Stop.

Im stuck with this error and i dont know what to do next. Any insights
are welcome and appreciated.



The policy Makefile expects a .fc file to exist for every .te file under domains/program. Hence, you have two choices: 1) Move httpd_socket.te from domains/program to domains/misc. This is preferable anyway, and convention has been to put such rules in domains/misc/local.te to reduce the risk that your file will ever conflict with a file in the main policy package. -or- 2) Leave httpd_socket.te under domains/program but touch file_contexts/program/httpd_socket.fc, creating an empty file with that name to satisfy the policy Makefile.

I'd favor #1.



Have you updated to the latest policy available for FC3. This problem I believe has
been fixed for a long time.


Dan

--



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]