selinux and ASP for Linux

Colin Walters walters at
Wed Mar 2 21:59:56 UTC 2005

On Wed, 2005-03-02 at 15:45 -0600, Jason Dravet wrote:
>I have installed Sun's new asp for Linux (4.02) product on my Linux server.
>What the software does is provide asp support to httpd on Linux platforms.
>The Sun installer adds a module to the system so httpd can handle asp
>requests.  When I try to start httpd I get the following messages.  If I run
>setenforce 0 and start httpd, asp works great so the problem is with the way
>asp and selinux interact.  I have to run with selinux enabled so disabling
>it is not a solution.  What do I have to do to get this to work?  I have
>contacted Sun but they don't know anything about selinux.

First, note that you can disable SELinux enforcement just for httpd
without doing setenforce 0; see:

>Mar 1 19:45:28 cisit6 kernel: audit(1109727928.415:0): avc: denied { write }
>for pid=8390 exe=/usr/sbin/httpd
>path=/opt/casp/INSTALL/database/tmp/tmp.0.5541 dev=dm-0 ino=426791
>scontext=root:system_r:httpd_t tcontext=root:object_r:usr_t tclass=file

Hmmm.  Hard to say what this is.  You could try:

chcon -R -h -t httpd_sys_content_t /opt/casp/INSTALL/

> dev=dm-0 ino=633455 scontext=root:system_r:httpd_t
>tcontext=root:object_r:usr_t tclass=file

My suggestion:

chcon -h -t shlib_t /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/*.so

More information about the fedora-selinux-list mailing list