apache problem?

Daniel Segall dan at half-asleep.com
Tue Nov 9 13:41:39 UTC 2004


When I disable SEL via setenforce 0, I can access the user pages just
fine. As soon as I reenable it, I get the 403's. The following is all I
get in the messages log:

root@ax ~>tail -500 /var/log/messages | grep SELinux
Nov  9 04:02:13 ax kernel: SELinux: initialized (dev 0:10, type nfs), uses genfs_contexts
Nov  9 04:02:16 ax kernel: SELinux: initialized (dev 0:21, type nfs), uses genfs_contexts
Nov  9 04:02:16 ax kernel: SELinux: initialized (dev 0:24, type nfs), uses genfs_contexts

root@ax ~>audit2allow -i /var/log/messages
allow httpd_t autofs_t:dir { getattr search };


Thanks for your help!
-Dan

> Daniel Segall wrote:
>
>>I tried upgrading the 2 selinux-policy-targeted packages from your page,
>>and I still get the same problems. I'm not seeing any specific errors in
>>the message log, just a bunch of initialized messages from SEL. Is there
>>something else that needs to be done to enable this? Has that Apache + SEL
>>doc surfaced yet?
>>
>>Thanks,
>>-Dan
>>
>>
>>
>>>This is a bug in targeted policy.  Basically there is code in the policy
>>>to allow apache to read nfs files but it is
>>>turned off in the release.
>>>
>>>I have updated the policy file on
>>>ftp://people.redhat.com/dwalsh/SELinux/FC3
>>>to allow this (This is a yum repository.)
>>>selinux-policy-targeted-1.17.30-2.20
>>>
>>>Or you can try out the latest policy from rawhide
>>>selinux-policy-targeted-1.18.1-*
>>>
>>>Both should have a fix for this.
>>>
>>>
>>
>>
>>
>>
> I just tried it out on an NFS partition and it is working.
>
> I am able to view an html file on ~dwalsh/public_html, which is an NFS
> partition.
>
> You can temporarily turn off SELinux with
> setenforce 0
> Then try to access the page. If it still does not work, then it is not an
> SELinux problem.
> If it does work, could you look for AVC messages in the /var/log/messages
> file?
>
> Dan
>
>
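
Added example, not part of the original thread and not audit2allow's own code: the grep for "SELinux" above only matches the "initialized" lines, while denials are logged as "avc:  denied" records, so this sketch pulls those records out of a log and groups them into the allow-rule form that audit2allow printed in the post. The AVC lines in SAMPLE_LOG are constructed for illustration (pids, inode numbers and timestamps are assumptions), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/messages; the AVC lines are illustrative, not from the thread.
SAMPLE_LOG = """\
Nov  9 04:02:13 ax kernel: SELinux: initialized (dev 0:10, type nfs), uses genfs_contexts
Nov  9 04:05:41 ax kernel: audit(1099973141.512:0): avc:  denied  { getattr } for  pid=2211 exe=/usr/sbin/httpd path=/home dev=autofs ino=4100 scontext=root:system_r:httpd_t tcontext=system_u:object_r:autofs_t tclass=dir
Nov  9 04:05:41 ax kernel: audit(1099973141.513:0): avc:  denied  { search } for  pid=2211 exe=/usr/sbin/httpd name=home dev=autofs ino=4100 scontext=root:system_r:httpd_t tcontext=system_u:object_r:autofs_t tclass=dir
Nov  9 04:05:42 ax kernel: audit(1099973142.020:0): avc:  denied  { getattr } for  pid=2211 exe=/usr/sbin/httpd path=/home dev=autofs ino=4100 scontext=root:system_r:httpd_t tcontext=system_u:object_r:autofs_t tclass=dir
"""

# Permissions in braces, then source context, target context and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def summarise_denials(log_text):
    """Group AVC denials by (source type, target type, class) and collect permissions."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # e.g. the "SELinux: initialized" lines carry no denial
        key = (type_of(m["scontext"]), type_of(m["tcontext"]), m["tclass"])
        denied[key].update(m["perms"].split())
    return dict(denied)


def as_allow_rules(denied):
    """Render each group in the 'allow' rule syntax shown in the post."""
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(denied.items())
    ]


if __name__ == "__main__":
    for rule in as_allow_rules(summarise_denials(SAMPLE_LOG)):
        print(rule)
```

Repeated denials collapse into one rule per source type, target type and class, which makes it easier to see which single access is being blocked before deciding whether a policy update or a relabel is the right fix.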




