Re: [OT] Deafening silence

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 03/15/2010 07:10 AM, Roger wrote:
> well I've found the selinux list to be a much better place to get help
>    
>> with selinux stuff than this list but I would expect that if you had put
>> drupal stuff into /var/www and made a soft link in /home to that
>> directory you would have not had any issues with selinux at all. If you
>> try to move the files now, I would suspect that they would have to be
>> relabeled since they probably have home contexts and not html contexts
>> (man restorecon) and that would have to be fixed. I think you can also
>> set a boolean operator to tell it that you are serving html pages from
>> users home directories but I'm not sure from your description that you
>> actually have drupal in a users folder.
>>
>> Craig
>>      
>    
>> I have working installations of Drupal 6.16 and 7 in /var/www/html and
>> seLinux objects
>>      
> latest is:
> SELinux has denied httpd access to potentially mislabeled file(s)
> (Eckankar.png). This means that SELinux will not allow httpd to use
> these files. It is common for users to edit files in their home
> directory or tmp directories and then move (mv) them to system
> directories. The problem is that the files end up with the wrong file
> context which confined applications are not allowed to access.
>
> but Drupal uses that image file so I don't take any notice.
>
> others are like:
> SELinux has denied the sendmail access to potentially mislabeled files
> /var/spool/clientmqueue. This means that SELinux will not allow httpd to
> use these files. Many third party apps install html files in directories
> that SELinux policy cannot predict. These directories have to be labeled
> with a file context which httpd can access.
>
> I installed a new copy of Drupal in /home/user/directory and set
> /etc/httpd/conf/httpd.conf to point to that directory but get denials.
>
> I have no understanding of contexts - its another thing I have to get to
> grips with.
> Thanks
> Roger
>    
SELinux is just about labeling.  In a way permissions are just labels 
also.  Ownership and Permission Map could be thought of as a label.  
Processes has a label of UID and files have labels of UID + Permission 
Map.  With SELinux Process have a label (Security COntext) and files 
have a label (file Context).  Then SELinux inforces rules about how 
process Security Context interact with File Security Context.

This document explains what SELinux is trying to tell you.
http://people.fedoraproject.org/~dwalsh/SELinux/Presentations/selinux_four_things.pdf

If you sent me your AVC messages(SELinux Errors)  I could help you get 
rid of them.

ausearch -m avc -ts recent

Is a command that tells the audit system to give you all of the recent 
SELinux messages from the audit system.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux