Fedora 9 can't use apache's mod_auth_shadow
Daniel J Walsh
dwalsh at redhat.com
Tue Feb 10 11:47:24 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kevin White wrote:
> OK, after my work before, mod_auth_shadow is working, but I'm getting a
> bunch of this in /var/log/messages:
>
> Feb 4 22:47:32 localhost setroubleshoot: SELinux is preventing validate
> (system_chkpwd_t) "read write" to anon_inode (anon_inodefs_t). For
> complete SELinux messages. run sealert -l
> 6f1012d0-d21a-4da2-bc85-e2dc1929aa84
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1233805644.757:1148): avc:
> denied { read write } for pid=15883 comm="validate"
> path="anon_inode:[eventpoll]" dev=anon_inodefs ino=33
> scontext=unconfined_u:system_r:system_chkpwd_t:s0
> tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file
>
> node=localhost.localdomain type=SYSCALL msg=audit(1233805644.757:1148):
> arch=40000003 syscall=11 success=yes exit=0 a0=bf8b25bf a1=bf8b154c
> a2=bf8b2dec a3=1 items=0 ppid=15847 pid=15883 auid=513 uid=48 gid=502
> euid=0 suid=0 fsuid=0 egid=502 sgid=502 fsgid=502 tty=(none) ses=11
> comm="validate" exe="/usr/sbin/validate"
> subj=unconfined_u:system_r:system_chkpwd_t:s0 key=(null)
>
> Ummmm....something isn't being allowed, but the check password is still
> working.
>
> I'm sorry...I don't even know what anon_inode is.
>
> Help?
>
> I'm just trying to use software that's included with Fedora 9...
>
> Kevin
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
I will add rules to allow this in the policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmRaUwACgkQrlYvE4MpobOQMQCeIxC/QOUVZLYnxyQsKudsKI4o
v8IAn0Pdq+gwQKm4ACi53CnNoJocgcDu
=/f79
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list