selinux and smagent
m.roth at 5-cent.us
m.roth at 5-cent.us
Thu Jan 7 15:45:38 UTC 2010
I never did solve this, and I'm looking at it again. Selinux still gripes
(it's in permissive mode, or this would be more of a problem).
httpd_unified is on, which is what the *wrong* error message from selinux
tells me will fix this.
Given the info below, *should* I chcon (or semanage)
/var/log/httpd/smagent.log to the same type as the httpd error.log? Will
that make selinux happy?
mark, not happy with selinux
host=biblio type=AVC msg=audit(1262787360.769:5531): avc: denied { write
} for pid=1654 comm="LLAWP" path="/var/log/httpd/smagent.log" dev=sda3
ino=46107941 scontext=user_u:system_r:httpd_t:s0
tcontext=user_u:object_r:httpd_log_t:s0 tclass=file
ll -Z /var/log/httpd/smagent.log
-rw-r--r-- apache root user_u:object_r:httpd_log_t
/var/log/httpd/smagent.log
ll -Z /usr/local/opt/<blah>/webagent/bin/LLAWP
-rwxrwxr-x root root system_u:object_r:bin_t
/usr/local/opt/<blah>/webagent/bin/LLAWP
ll -Z /var/log/httpd/error_log
-rw-r--r-- root root system_u:object_r:httpd_log_t
/var/log/httpd/error_log
ll -Z /usr/sbin/httpd
-rwxr-xr-x root root system_u:object_r:httpd_exec_t /usr/sbin/httpd
More information about the fedora-selinux-list
mailing list