Recent SEL problems on FC3 box - named & dhcpd
Eric Paris
eparis at redhat.com
Tue Mar 22 21:13:58 UTC 2005
Try running
restorecon -v -R /web
after the apache.fc changes and running make reload.
You will probably see that ls -Z /web does not show up as
system_u:object_r:httpd_sys_content_t before you run the restorecon.
Eric
On Tue, 2005-03-22 at 21:09 +0000, Ruth Ivimey-Cook wrote:
> On Tue, 2005-03-22 at 10:48 -0500, Stephen Smalley wrote:
> > This suggests that your filesystem isn't labeled. Touch /.autorelabel
> > and reboot, or manually boot single-user and run /sbin/fixfiles relabel.
>
> I've done that, and it does seem to have fixed the problems with named
> and dhcpd. At least, there are no more avc messages.
>
> However, it seems to have disabled my web server. I guess this is
> because I'm strange and prefer the web root to be /web, not /var/www.
>
> I have tried adding lines (below) into apache.fc and then running 'make'
> in src/policy, but it didn't help.
>
> HOME_DIR/((www)|(web)|(public_html))(/.+)?  system_u:object_r:httpd_ROLE_content_t
> /web(/.*)?               system_u:object_r:httpd_sys_content_t
> /web/cgi-bin(/.*)?       system_u:object_r:httpd_sys_script_exec_t
> /var/www(/.*)?           system_u:object_r:httpd_sys_content_t
> /var/www/cgi-bin(/.*)?   system_u:object_r:httpd_sys_script_exec_t
>
> I later tried adding the audit2allow lines to apache.te and running
> make, but that failed too.
>
> allow httpd_t default_t:dir { getattr search };
> allow httpd_t default_t:file { getattr read };
> allow httpd_t default_t:lnk_file read;
>
>
> What am I doing wrong?
>
> Ruth
>
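The comparison Eric describes (what ls -Z reports on disk versus what the apache.fc entries say the label should be) done offline in Python, as an added example that is not code from this thread or from the SELinux tools: it parses the apache.fc lines quoted above from Ruth's message, applies the rule that the last matching entry wins, and lists the paths a restorecon -v -R /web would relabel. The observed labels are a constructed snapshot, and the HOME_DIR/ROLE template entry is skipped because it is only expanded per user at policy build time.

```python
import re
# apache.fc entries copied from the message above (the HOME_DIR/ROLE line is a
# template expanded per user when the policy is built, so it is skipped here).
APACHE_FC = """
HOME_DIR/((www)|(web)|(public_html))(/.+)?  system_u:object_r:httpd_ROLE_content_t
/web(/.*)?               system_u:object_r:httpd_sys_content_t
/web/cgi-bin(/.*)?       system_u:object_r:httpd_sys_script_exec_t
/var/www(/.*)?           system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(/.*)?   system_u:object_r:httpd_sys_script_exec_t
"""

def parse_fc(text):
    """Return [(compiled regex, context)] in file order, templates skipped."""
    specs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#") or "HOME_DIR" in parts[0]:
            continue
        # An optional middle field (-d, --, ...) restricts file type; ignored here.
        specs.append((re.compile(parts[0]), parts[-1]))
    return specs

def expected_context(specs, path):
    """Regexes match the whole path and the last matching entry wins."""
    result = None
    for regex, context in specs:
        if regex.fullmatch(path):
            result = context
    return result

def label_drift(specs, observed):
    """observed maps path -> context as ls -Z printed it; returns mismatches."""
    drift = []
    for path, have in sorted(observed.items()):
        want = expected_context(specs, path)
        if want is not None and want != have:
            drift.append((path, have, want))
    return drift

# Constructed snapshot of what ls -Z reported before restorecon was run.
OBSERVED = {
    "/web": "system_u:object_r:default_t",
    "/web/index.html": "system_u:object_r:default_t",
    "/web/cgi-bin/test.cgi": "system_u:object_r:default_t",
    "/var/www/html/index.html": "system_u:object_r:httpd_sys_content_t",
}
if __name__ == "__main__":
    for path, have, want in label_drift(parse_fc(APACHE_FC), OBSERVED):
        print(f"{path}: {have} -> {want}")  # what restorecon -v would relabel
```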