MySQL+Selinux problem
Daniel J Walsh
dwalsh at redhat.com
Tue Apr 12 14:28:33 UTC 2005
Stephen Smalley wrote:
>On Tue, 2005-04-12 at 15:09 +0800, Michael Calizo wrote:
>
>
>>Hi,
>>
>>I have been banging my head to resolve this SELinux+MySQL problem on
>>fedora Core 3.
>>
>>I followed this steps from this
>>list:https://www.redhat.com/archives/fedora-selinux-list/2004-November/msg00015.html
>>
>> * Install selinux-policy-targeted-sources.
>> * yum install selinux-policy-targeted-sources
>> * cd /etc/selinux/targeted/src/policy
>> * echo "allow httpd_t var_lib_t:sock_file rw_socket_perms;" >
>> domains/program/httpd_socket.te
>> * make load
>>
>>After make load i get this error:
>>yada yada yada ....
>>Compiling policy ...
>>/usr/bin/checkpolicy -o /etc/selinux/strict/policy/policy.19 policy.conf
>>/usr/bin/checkpolicy: loading policy configuration from policy.conf
>>security: 3 users, 5 roles, 1304 types, 58 bools
>>security: 55 classes, 388377 rules
>>/usr/bin/checkpolicy: policy configuration loaded
>>/usr/bin/checkpolicy: writing binary representation (version 19) to
>>/etc/selinux/strict/policy/policy.19
>>/usr/bin/checkpolicy -c 18 -o /etc/selinux/strict/policy/policy.18 policy.conf
>>/usr/bin/checkpolicy: loading policy configuration from policy.conf
>>security: 3 users, 5 roles, 1304 types, 58 bools
>>security: 55 classes, 388377 rules
>>/usr/bin/checkpolicy: policy configuration loaded
>>/usr/bin/checkpolicy: writing binary representation (version 18) to
>>/etc/selinux/strict/policy/policy.18
>>make: *** No rule to make target
>>`file_contexts/program/httpd_socket.fc', needed by
>>`file_contexts/file_contexts'. Stop.
>>
>>Im stuck with this error and i dont know what to do next. Any insights
>>are welcome and appreciated.
>>
>>
>
>The policy Makefile expects a .fc file to exist for every .te file under
>domains/program. Hence, you have two choices:
>1) Move httpd_socket.te from domains/program to domains/misc. This is
>preferable anyway, and convention has been to put such rules in
>domains/misc/local.te to reduce the risk that your file will ever
>conflict with a file in the main policy package. -or-
>2) Leave httpd_socket.te under domains/program but touch
>file_contexts/program/httpd_socket.fc, creating an empty file with that
>name to satisfy the policy Makefile.
>
>I'd favor #1.
>
>
>
Have you updated to the latest policy available for FC3. This problem I
believe has
been fixed for a long time.
Dan
--
More information about the fedora-selinux-list
mailing list