SELinux and Cacti (and other webapps)

Aurelien Bompard gauret at
Mon Dec 19 08:07:17 UTC 2005

Hi all,

We're trying to package cacti for Fedora Extras:
and we're running into an SELinux problem. Cacti is a web frontend to
RRDTool, an improved version of MRTG (which you might know).
There is a script, run by cron, which creates the statistics databases, and
puts them in /var/lib/cacti. The log goes into /var/log/cacti. Then, the web
interface lets the user see these statistics.
The problem is that SELinux won't let httpd access /var/lib/cacti:
type=AVC msg=audit(1134978797.695:45154): avc:  denied  { read } for 
pid=2605 comm="rrdtool" name="localhost_proc_7.rrd" dev=sda2 ino=981003
tcontext=system_u:object_r:var_lib_t tclass=file

Httpd can't access /var/log/cacti either.
What should we do to make that work with SELinux? Do we have to run chcon
in the %post scriptlet (that sounds like an ugly hack)? Should we move
everything to /var/www?

Thanks for your help

--  ~~~~  Jabber : abompard at
Programmer: A biological system designed to convert coffee and pizza
into code.
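
The following is an added example, not part of the original message: a small Python parser that breaks AVC records like the one quoted above into fields and groups the denied permissions by process name, target type and object class. The first sample record is the one from the message; the second is constructed, and its source type `example_t` is a made-up placeholder, since the quoted record carries no scontext field.

```python
import re
from collections import defaultdict

# Record 1 is the denial quoted in the message, joined onto one line.
# Record 2 is constructed for illustration; "example_t" is a placeholder type.
SAMPLE = [
    'type=AVC msg=audit(1134978797.695:45154): avc:  denied  { read } for '
    'pid=2605 comm="rrdtool" name="localhost_proc_7.rrd" dev=sda2 ino=981003 '
    'tcontext=system_u:object_r:var_lib_t tclass=file',
    'type=AVC msg=audit(1134978801.112:45160): avc:  denied  { getattr } for '
    'pid=2605 comm="rrdtool" name="localhost_proc_7.rrd" dev=sda2 ino=981003 '
    'scontext=system_u:system_r:example_t '
    'tcontext=system_u:object_r:var_lib_t tclass=file',
]

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields for one AVC record, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'timestamp': float(m['ts']), 'serial': int(m['serial']),
           'result': m['result'], 'perms': m['perms'].split()}
    for key, value in KV_RE.findall(m['rest']):
        rec[key] = value.strip('"')
    # A context is user:role:type[:level]; either context may be missing
    # from a record, in which case the extracted type is None.
    for key, short in (('scontext', 'stype'), ('tcontext', 'ttype')):
        ctx = rec.get(key)
        rec[short] = ctx.split(':')[2] if ctx and ctx.count(':') >= 2 else None
    return rec

def summarize(lines):
    """Map (comm, target type, class) to the sorted list of denied permissions."""
    denied = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec and rec['result'] == 'denied':
            denied[(rec.get('comm'), rec['ttype'], rec.get('tclass'))].update(rec['perms'])
    return {key: sorted(perms) for key, perms in denied.items()}

if __name__ == '__main__':
    for key, perms in summarize(SAMPLE).items():
        print(key, perms)
```

For the quoted record the target type comes out as `var_lib_t`, the generic label for files under /var/lib, which is what the questions about chcon and /var/www turn on.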

More information about the fedora-selinux-list mailing list