FC5, Apache, Bugzilla, SELinux issues
R Edmonds
redmonds98 at googlemail.com
Thu Jan 4 14:24:07 UTC 2007
Greetings out there in Penguin-land!
I'm going through the rather painful process of installing Bugzilla on an
SELinux FC5 box. I'm almost there now, I think, however I'm trying to add a
local policy to SELinux for allowing Apache to execute .cgi scripts, and
have hit a brick wall.
When I try to hit the Bugzilla page from a browser on the network I get
this:
tail -f /var/log/messages output:
kernel: audit(1167911234.610:20): avc: denied { execute_no_trans } for
pid=28833 comm="httpd" name=" index.cgi" dev=dm-0 ino=34931972
scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0
tclass=file
So, following the guide in the Fedora docs here
<http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385>, I generated a
local.te using *audit2allow -m local -l -i /var/log/messages > local.te*,
compiled it using *checkmodule -M -m -o local.mod local.te*, packaged it
using *semodule_package -o local.pp -m local.mod*, then attempted to add it
to the current running policy using *semodule -i local.pp*. This point is
where I get stuck. I'm seeing this output when I execute the command:
tail -f /var/log/messages output:
Jan 4 11:56:13 svn kernel: security: 3 users, 6 roles, 1481 types, 152
bools, 1 sens, 256 cats
Jan 4 11:56:13 svn kernel: security: 58 classes, 43474 rules
Jan 4 11:56:13 svn dbus: Can't send to audit system: USER_AVC avc:
received policyload notice (seqno=7) : exe="?" (sauid=81, hostname=?,
addr=?, terminal=?)
Jan 4 11:56:13 svn dbus: Can't send to audit system: USER_AVC avc: 0 AV
entries and 0/512 buckets used, longest chain length 0 : exe="?" (sauid=81,
hostname=?, addr=?, terminal=?)
Jan 4 11:56:13 svn kernel: audit( 1167911773.820:21): policy loaded
auid=4294967295
After looking around, I saw on this mailing list that this might be a bug in
SELinux-Policy that was fixed in version 2.3.14-3. Yum doesn't seem to know
about this newer version. Am I barking up the wrong tree?