[Linux-cluster] RHEL4.5, GFS and selinux, are they playing nice?
Roger Peña
orkcu at yahoo.com
Wed Sep 12 19:50:27 UTC 2007
--- Roger Peña <orkcu at yahoo.com> wrote:
> Hello everybody ;-)
>
> I keep working on making a web cluster play nice after
> the upgrade from RHEL4.4 -> RHEL4.5
> with this upgrade, the relation httpd-selinux became
> more strict
[bla bla bla]
> so now I have support for xattr in our GFS filesystems
> but, here is the problem:
> httpd does not want to start because some config
> files (which reside in another GFS filesystem) have a
> forbidden context (httpd can not read files with that
> context) (those files are included from the main
> apache configuration)
> here is the error from selinux:
> { search } for pid=2289 comm="httpd" name="/"
> dev=dm-7 ino=25
> scontext=root:system_r:httpd_t
> tcontext=system_u:object_r:nfs_t
> tclass=dir
[bla bla bla]
> but, that directory is /opt/soft:
> ll -di /opt/soft/
> 25 drwxr-xr-x 8 root root 3864 Sep 11 2007 /opt/soft/
> ^^ <--- this is the inode
>
> and its context is system_u:object_r:httpd_config_t:
> ll -dZ /opt/soft/
> drwxr-xr-x root root system_u:object_r:httpd_config_t /opt/soft/
>
> so, who is wrong? ls -Z or "global selinux kernel
> module" ?
> because ls -Z shows that the context of that directory
> is system_u:object_r:httpd_config_t
[lots of bla bla]
> is this related to the fact that the selinux policy
> states this:
> genfscon gfs / system_u:object_r:nfs_t
Should I follow what is stated for reiserfs at this URL:
http://james-morris.livejournal.com/3580.html
?
If I should do it, because it is the right thing to do,
why:
1- redhat did not do it for the release of 4.5 ?
2- others aren't getting this kind of problem?
Am I the only one with GFS-selinux problems ?
cu
roger
__________________________________________
RedHat Certified ( RHCE )
Cisco Certified ( CCNA & CCDA )
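
An added example, not part of the original message: it lines up the AVC record, the two `ls` outputs and the `genfscon` line quoted above, and reports which label is being enforced and which policy rule it matches. In SELinux policy an `fs_use_*` statement for a filesystem type takes precedence and `genfscon` is the fallback; the function names and the ext3 policy line are assumptions made for the illustration.

```python
import re

# Constructed inputs: field values are the ones quoted in the message above.
AVC = ('avc:  denied  { search } for  pid=2289 comm="httpd" name="/" dev=dm-7 '
       'ino=25 scontext=root:system_r:httpd_t '
       'tcontext=system_u:object_r:nfs_t tclass=dir')
LS_DI = '25 drwxr-xr-x 8 root root 3864 Sep 11 2007 /opt/soft/'
LS_DZ = 'drwxr-xr-x root root system_u:object_r:httpd_config_t /opt/soft/'
# First line is from the message; the ext3 line is a constructed contrast case.
POLICY = ('genfscon gfs / system_u:object_r:nfs_t\n'
          'fs_use_xattr ext3 system_u:object_r:fs_t;\n')

def parse_avc(line):
    """Return the key=value fields of one AVC record plus its permission list."""
    fields = {k: v.strip('"')
              for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    fields['perms'] = re.search(r'\{([^}]*)\}', line).group(1).split()
    return fields

def labeling_rule(policy, fstype):
    """(statement, context) the policy applies to fstype, or None."""
    genfs = None
    for raw in policy.splitlines():
        tok = raw.split('#')[0].strip().rstrip(';').split()
        if len(tok) >= 3 and tok[0].startswith('fs_use_') and tok[1] == fstype:
            return tok[0], tok[2]           # fs_use_* wins over genfscon
        # Only the filesystem-root genfscon entry is considered here.
        if len(tok) >= 4 and tok[:3] == ['genfscon', fstype, '/']:
            genfs = ('genfscon', tok[3])
    return genfs

def diagnose(avc_line, ls_di, ls_dz, policy, fstype):
    """Compare the enforced label (AVC) with the label ls -Z prints."""
    avc = parse_avc(avc_line)
    rule = labeling_rule(policy, fstype)
    return {
        'path': ls_di.split()[-1],
        'same_inode': avc['ino'] == ls_di.split()[0],
        'enforced': avc['tcontext'],
        'shown_by_ls': ls_dz.split()[-2],   # context column of `ls -dZ`
        'rule': rule[0] if rule else None,
        'enforced_is_policy_label': bool(rule) and rule[1] == avc['tcontext'],
        'xattr_label_honoured': bool(rule) and rule[0] == 'fs_use_xattr',
    }

if __name__ == '__main__':
    for key, value in diagnose(AVC, LS_DI, LS_DZ, POLICY, 'gfs').items():
        print(f'{key:26} {value}')
```
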