FC5, Apache, Bugzilla, SELinux issues
R Edmonds
redmonds98 at googlemail.com
Fri Jan 5 10:09:26 UTC 2007
Once again, thanks to all who helped. I have Bugzilla successfully up and
running on FC5 with SELinux!
A few notes about my experiences:
My install was Bugzilla 2.22.1, which had a bug in the groups preferences
page. I grabbed the patch and after applying it the whole site went back to
being broken.
I reloaded the policy and reran restorecon -rv /var/lib/bugzilla
/var/www/html/bugzilla/
then all was well again.
If anyone has further questions feel free to ask.
Cheers.
R.
On 04/01/07, Steve G <linux_4ever at yahoo.com> wrote:
>
>
> >in /var/log/messages i see a similar error to my original post:
> >
> >Jan 4 15:57:11 svn kernel: security: 3 users, 6 roles, 1489 types, 153
> bools,
> 1 >sens, 256 cats
> >Jan 4 15:57:11 svn kernel: security: 58 classes, 43765 rules
> >Jan 4 15:57:11 svn dbus: Can't send to audit system: USER_AVC
> avc: received
> >policyload notice (seqno=13) : exe="?" (sauid=81, hostname=?, addr=?,
> terminal=?)
>
> These are not errors. Part of the problem is that the libselinux audit
> callback
> API only allows a format and varargs to be passed to the logging function.
> This
> means the logger has to assume that everything it sees is an AVC so it
> doesn't
> miss one. I'd like to correct this API problem at some point during FC7
> devel
> cycle so that the message type is also passed to the logger. This way we
> can
> properly label the audit events so that it says USER_POLICY_LOAD instead
> of
> USER_AVC which tends to get people excited.
>
> I also think that dbus could do a slightly better job of determining when
> it
> should send an audit message vs simply syslogging it. The user session bus
> does
> not have the privileges necessary to write to the audit system.
>
> -Steve
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20070105/385c13c1/attachment.htm>
More information about the fedora-selinux-list
mailing list