Request Tracker 3
Colin Walters
walters at redhat.com
Mon Jan 31 17:12:48 UTC 2005
On Sun, 2005-01-30 at 20:06 -0500, Kanwar Ranbir Sandhu wrote:
> Hello Everyone,
>
> Has anyone attempted to run RT3 (3.2.2) on a FC3 system? I'm running
> into a bunch of selinux errors, and I'm having problems resolving the
> issue: I'm just not very familiar with selinux.
Have you seen the Fedora Apache/SELinux guide?
http://fedora.redhat.com/docs/selinux-apache-fc3/
> avc: denied { getattr } for pid=681 exe=/usr/bin/perl path=/var/log
> dev=dm-5 ino=129025 scontext=root:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_log_t tclass=dir
Hmm. Given that we allow access to httpd_log_t which is in the default
configuration a subdirectory of var_log_t, I'm surprised that this
access is not allowed. Ideally though the app should not need this.
> avc: denied { ioctl } for pid=693 exe=/usr/bin/perl
> path=/var/log/httpd/error_log dev=dm-5 ino=129070
> scontext=root:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:httpd_log_t tclass=file
This one is probably harmless; I think perl does an ioctl even on
regular files in many situations (to find out whether it's a tty?).
> avc: denied { read } for pid=693 exe=/usr/bin/perl name=tmp dev=dm-3
> ino=12 scontext=root:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:tmp_t tclass=lnk_file
Is this /usr/tmp? Try running "chcon -h -t usr_t /usr/tmp". This is a
bug in our policy package because it doesn't presently ensure that it's
relabeled on upgrades.
More information about the fedora-selinux-list
mailing list