problem with selinux-policy-targeted FC3

Peter Magnusson iocc at fedora-selinux.lists.flashdance.cx
Sun Jun 19 00:30:48 UTC 2005


I run FC3 on a box. I have SELinux enabled. The last selinux-policy-targeted 
fucked up so my webserver didn't start. I think it's very irresponsible of 
the Fedora team to fuck up a lot of people's httpds like this.
I have:
apt-get update &>/dev/null
apt-get upgrade -y
in cron.daily.

I have many vhosts. All are in /www, like /www/domain1.net, /www/domain2.net
and so on. If it matters, it's NFS exported to another computer running FC3.
No, I don't wanna move it to /var/www.

It would say:

Jun 19 00:32:27 sysbabe httpd: Warning: DocumentRoot [/www/eurobeat.se] 
does not exist
Jun 19 00:32:27 sysbabe kernel: audit(1119133946.358:0): avc:  denied  { 
search } for  pid=30644 exe=/usr/sbin/httpd name=/ dev=hda2 ino=2 
scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t 
tclass=dir
Jun 19 00:32:27 sysbabe httpd: Warning: DocumentRoot [/www/eurobeat.se] 
does not exist
Jun 19 00:32:27 sysbabe kernel: audit(1119133946.358:0): avc:  denied  { 
search } for  pid=30644 exe=/usr/sbin/httpd name=/ dev=hda2 ino=2 
scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t 
tclass=dir
Jun 19 00:32:27 sysbabe httpd: Warning: DocumentRoot [/www/eurobeat.se] 
does not exist
Jun 19 00:32:27 sysbabe kernel: audit(1119133946.359:0): avc:  denied  { 
search } for  pid=30644 exe=/usr/sbin/httpd name=/ dev=hda2 ino=2 
scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t 
tclass=dir
Jun 19 00:32:27 sysbabe httpd: Warning: DocumentRoot [/www/eurobeat.se] 
does not exist
Jun 19 00:32:27 sysbabe kernel: audit(1119133946.361:0): avc:  denied  { 
search } for  pid=30644 exe=/usr/sbin/httpd name=/ dev=hda2 ino=2 
scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t 
tclass=dir

on EACH subdir inside /www. I know nothing about SELinux, only restorecon. 
I tried restorecon -R /www/ but it didn't help.

I got some help on IRC (thanks again) and did
setsebool -P httpd_disable_trans 1 and now the webserver at least works. But 
I guess the PROPER way would be to set system_r:httpd_t perms on all files 
inside /www? But how do I do that without rebooting?
touch /.autorelabel and reboot... is a reboot.
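
An added example, not part of the original post: a small Python parser that rejoins the mail-wrapped syslog records quoted above, extracts the fields of each AVC denial and collapses the repeats into distinct (source type, permission, target type, class) tuples. The function names are this example's own, and the sample is constructed from two of the records in the message.

```python
import re
from collections import Counter

# Constructed sample: records copied from the message, still hard-wrapped by the mailer.
SAMPLE = """\
Jun 19 00:32:27 sysbabe httpd: Warning: DocumentRoot [/www/eurobeat.se]
does not exist
Jun 19 00:32:27 sysbabe kernel: audit(1119133946.358:0): avc:  denied  {
search } for  pid=30644 exe=/usr/sbin/httpd name=/ dev=hda2 ino=2
scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t
tclass=dir
Jun 19 00:32:27 sysbabe kernel: audit(1119133946.359:0): avc:  denied  {
search } for  pid=30644 exe=/usr/sbin/httpd name=/ dev=hda2 ino=2
scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t
tclass=dir
"""

SYSLOG_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def unwrap(text):
    """Rejoin wrapped records; a new record starts with a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if SYSLOG_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def parse_avc(record):
    """Return the denial's fields (type = third part of user:role:type), or None."""
    m = AVC.search(record)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields["perms"] = tuple(m.group(1).split())
    fields["source_type"] = fields["scontext"].split(":")[2]
    fields["target_type"] = fields["tcontext"].split(":")[2]
    return fields

def summarize(text):
    """Count distinct (source type, permissions, target type, class) denials."""
    denials = filter(None, map(parse_avc, unwrap(text)))
    return Counter((d["source_type"], d["perms"], d["target_type"], d["tclass"])
                   for d in denials)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the sample this reduces to a single distinct denial: httpd_t refused search on a directory typed default_t, the type files receive when no file-context entry in the policy matches their path.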



