Selinux and Reviewboard

Vadym Chepkov chepkov at yahoo.com
Tue Nov 3 16:14:20 UTC 2009


Hi,

I am trying to install ReviewBoard (www.reviewboard.org) on an SELinux-enabled server, and there are a lot of problems so far. I wonder if anybody has the policy they could share. I got to the point where I get these:

time->Tue Nov  3 16:06:41 2009
type=SYSCALL msg=audit(1257264401.953:9042): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=20d4b0 a2=5 a3=802 items=0 ppid=3448 pid=3450 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=user_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1257264401.953:9042): avc:  denied  { execute } for  pid=3450 comm="httpd" path="/var/www/reviews/tmp/egg_cache/MySQL_python-1.2.3c1-py2.4-linux-x86_64.egg-tmp/_mysql.so" dev=sda1 ino=378349 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:httpd_tmp_t:s0 tclass=file
----
time->Tue Nov  3 16:06:41 2009
type=SYSCALL msg=audit(1257264401.553:9041): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=205848 a2=5 a3=802 items=0 ppid=3448 pid=3450 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=user_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1257264401.553:9041): avc:  denied  { execute } for  pid=3450 comm="httpd" path="/var/www/reviews/tmp/egg_cache/cmemcache-0.95-py2.4-linux-x86_64.egg-tmp/_cmemcache.so" dev=sda1 ino=378290 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:httpd_tmp_t:s0 tclass=file

As far as I understand, the code creates dynamic libraries which it tries to execute later. I obviously need to handle this carefully, so I need expert advice. Thank you.

Sincerely yours,
  Vadym Chepkov
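
An added example, not part of the original message: a short Python script that pairs each AVC record quoted in the post with its SYSCALL record by audit serial number and decodes the mmap protection bits, which shows that both denials are httpd_t mapping an egg-cache .so labelled httpd_tmp_t with PROT_EXEC. The sample records are copied from the post with unused SYSCALL fields trimmed; the function names are this example's own.

```python
import re
from collections import defaultdict

# Records copied from the post; SYSCALL lines are trimmed to the fields used here.
SAMPLE = '''\
type=SYSCALL msg=audit(1257264401.953:9042): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=20d4b0 a2=5 a3=802 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1257264401.953:9042): avc:  denied  { execute } for  pid=3450 comm="httpd" path="/var/www/reviews/tmp/egg_cache/MySQL_python-1.2.3c1-py2.4-linux-x86_64.egg-tmp/_mysql.so" dev=sda1 ino=378349 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:httpd_tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1257264401.553:9041): arch=c000003e syscall=9 success=no exit=-13 a0=0 a1=205848 a2=5 a3=802 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1257264401.553:9041): avc:  denied  { execute } for  pid=3450 comm="httpd" path="/var/www/reviews/tmp/egg_cache/cmemcache-0.95-py2.4-linux-x86_64.egg-tmp/_cmemcache.so" dev=sda1 ino=378290 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:httpd_tmp_t:s0 tclass=file
'''

HEADER = re.compile(r'type=(\w+) msg=audit\([\d.]+:(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'denied\s+\{([^}]*)\}')
PROT = {1: "PROT_READ", 2: "PROT_WRITE", 4: "PROT_EXEC"}

def parse_events(text):
    """Group audit records by event serial so each AVC sits with its SYSCALL."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # separators such as "----" and "time->" lines
        rtype, serial = m.group(1), int(m.group(2))
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == "AVC":
            perms = PERMS.search(line)
            fields["perms"] = perms.group(1).split() if perms else []
        events[serial][rtype] = fields
    return dict(events)

def summarize(event):
    """Reduce one event to the SELinux types, permission, path and mmap prot flags."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    out = {"source": avc["scontext"].split(":")[2], "target": avc["tcontext"].split(":")[2],
           "tclass": avc["tclass"], "perms": avc["perms"], "path": avc.get("path")}
    # On x86_64 (arch=c000003e) syscall 9 is mmap; a2 is its prot bitmask, logged in hex.
    if sc.get("arch") == "c000003e" and sc.get("syscall") == "9":
        prot = int(sc["a2"], 16)
        out["mmap_prot"] = [name for bit, name in PROT.items() if prot & bit]
    return out

if __name__ == "__main__":
    for serial, ev in sorted(parse_events(SAMPLE).items()):
        print(serial, summarize(ev))
```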



