Hi, Ive been struggling to get my Apache - PHP - ODBC - MimerSql going, now I almost there.... However some guy calling himself SELinux wont let me...... as per follows: --------------------------------------------------------------------------------------------------------------------------SELinux is preventing httpd from write access on the sock_file /usr/local/MimerSQL/mimtst/.fifo.
***** Plugin catchall_labels (83.8 confidence) suggests ******************** If you want to allow httpd to have write access on the .fifo sock_file Then you need to change the label on /usr/local/MimerSQL/mimtst/.fifo Do # semanage fcontext -a -t FILE_TYPE '/usr/local/MimerSQL/mimtst/.fifo'where FILE_TYPE is one of the following: dirsrv_var_run_t, mysqld_var_run_t, httpd_var_run_t, lsassd_var_socket_t, systemd_passwd_var_run_t, setrans_var_run_t, memcached_var_run_t, system_dbusd_var_run_t, postgresql_var_run_t, zarafa_server_var_run_t, mysqld_db_t, devlog_t, avahi_var_run_t, nscd_var_run_t, nslcd_var_run_t, sssd_var_lib_t, postgresql_tmp_t, httpd_tmp_t, abrt_var_run_t, nscd_var_run_t, winbind_var_run_t, httpd_tmpfs_t, pcscd_var_run_t, httpd_cvs_rw_content_t, httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t, httpd_apcupsd_cgi_rw_content_t, httpd_nutups_cgi_rw_content_t, httpd_dspam_rw_content_t, httpd_prewikka_rw_content_t, httpd_mediawiki_rw_content_t, httpd_squid_rw_content_t, passenger_var_run_t, httpd_smokeping_cgi_rw_content_t, httpd_w3c_validator_rw_content_t, httpd_dirsrvadmin_rw_content_t, httpd_collectd_rw_content_t, nscd_var_run_t, pcscd_var_run_t, httpd_zoneminder_rw_content_t, httpd_user_rw_content_t, httpd_awstats_rw_content_t, httpd_cobbler_rw_content_t, httpd_munin_rw_content_t, httpd_mojomojo_rw_content_t, init_var_run_t, httpd_bugzilla_rw_content_t.
Then execute: restorecon -v '/usr/local/MimerSQL/mimtst/.fifo' ? ***** Plugin catchall (17.1 confidence) suggests ***************************If you believe that httpd should be allowed write access on the .fifo sock_file by default.
Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep httpd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:httpd_t:s0 Target Context system_u:object_r:usr_t:s0 Target Objects /usr/local/MimerSQL/mimtst/.fifo [ sock_file ] Source httpd Source Path httpd Port <Unknown> Host this.is Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.10.0-121.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name this.is Platform Linux this.is 3.3.4-5.fc17.i686 #1 SMP Mon May 7 17:45:26 UTC 2012 i686 i686 Alert Count 10 First Seen Sun 19 May 2013 06:03:22 PM CEST Last Seen Sun 26 May 2013 03:10:29 PM CEST Local ID 0629a113-deb5-4413-8f5f-86c1a61080ec Raw Audit Messagestype=AVC msg=audit(1369573829.588:110): avc: denied { write } for pid=2162 comm="httpd" name=".fifo" dev="dm-1" ino=262454 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=sock_file
? Hash: httpd,httpd_t,usr_t,sock_file,write audit2allowunable to open /sys/fs/selinux/policy: Permission denied ? audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied -------------------------------------------------------- I have tried setenforce 0--- and I think at one brief session (or even two) I have had it working, but it seems that
that was caused by some sideeffect Im not able to reproduce..... pls help if you have a cluebr Georg
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|