selinux and ASP for Linux
Colin Walters
walters at redhat.com
Wed Mar 2 21:59:56 UTC 2005
On Wed, 2005-03-02 at 15:45 -0600, Jason Dravet wrote:
>I have installed Sun's new asp for Linux (4.02) product on my Linux server.
>What the software does is provide asp support to httpd on Linux platforms.
>The Sun installer adds a module to the system so httpd can handle asp
>requests. When I try to start httpd I get the following messages. If I run
>setenforce 0 and start httpd, asp works great so the problem is with the way
>asp and selinux interact. I have to run with selinux enabled so disabling
>it is not a solution. What do I have to do to get this to work? I have
>contacted Sun but they don't know anything about selinux.
First, note that you can disable SELinux enforcement just for httpd
without doing setenforce 0; see:
http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#using-s-c-securitylevel
>Mar 1 19:45:28 cisit6 kernel: audit(1109727928.415:0): avc: denied { write }
>for pid=8390 exe=/usr/sbin/httpd
>path=/opt/casp/INSTALL/database/tmp/tmp.0.5541 dev=dm-0 ino=426791
>scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file
Hmmm. Hard to say what this is. You could try:
chcon -R -h -t httpd_sys_content_t /opt/casp/INSTALL/
>path=/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/m
>od_casp2.so dev=dm-0 ino=633455 scontext=root:system_r:httpd_t
>tcontext=root:object_r:usr_t tclass=file
My suggestion:
chcon -h -t shlib_t /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/*.so
More information about the fedora-selinux-list
mailing list