selinux preventing Bugzilla on FC5
James Garrison
jhg at athensgroup.com
Thu May 11 23:21:51 UTC 2006
The continuing saga....
> May 11 18:11:05 bugzilla kernel: audit(1147389065.041:16): avc:
> denied { read } for pid=19398 comm="index.cgi" name="resolv.conf"
> dev=md1 ino=1106152 scontext=user_u:system_r:httpd_sys_script_t:s0
> tcontext=system_u:object_r:net_conf_t:s0 tclass=file
> May 11 18:11:05 bugzilla kernel: audit(1147389065.045:17): avc:
> denied { create } for pid=19398 comm="index.cgi"
> scontext=user_u:system_r:httpd_sys_script_t:s0
> tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket
> May 11 18:11:05 bugzilla kernel: audit(1147389065.045:18): avc:
> denied { create } for pid=19398 comm="index.cgi"
> scontext=user_u:system_r:httpd_sys_script_t:s0
> tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket
> May 11 18:11:05 bugzilla kernel: audit(1147389065.045:19): avc:
> denied { shutdown } for pid=19398 comm="index.cgi"
> scontext=user_u:system_r:httpd_sys_script_t:s0
> tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=tcp_socket
It seems like I'm just going to have to keep trying and adding new
allow rules, 2 or 3 at a time, until I've hit everything not allowed
by selinux. Surely I'm not the first person to try to get Bugzilla
running on FC5?
Is there a better way to do this than trial and error?
--
James Garrison Athens Group, Inc.
mailto:jhg at athensgroup.com 5608 Parkcrest Dr
http://www.athensgroup.com Austin, TX 78731
SKYPE callto:jhg-athensgroup (512) 345-0600 x150
PGP: RSA=0x92E90A3B DH/DSS=0x498D331C
More information about the fedora-selinux-list
mailing list