Re: ejabberd 2.0.2 vs SELinux vs CentOS 5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sun, 2008-10-05 at 03:02 +1100, Damian S wrote:
> Anyway, to cut a long story short, I have discovered that SELinux is
> preventing erlang from accessing its crypto libs.
> This message appears in the SELinux audit logs:
> type=AVC msg=audit(1223133076.770:102): avc:  denied  { execmod } for
> pid=3878 comm="beam.smp"
> path="/opt/ejabberd-2.0.2_2/lib/crypto-1.5.2/priv/linux-x86/lib/crypto_drv.so" dev=dm-0 ino=26738869 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file

Just one final thing (hope it helps someone in future), according to Dan
Walsh, much better (more fine-grained) than setting the allow_execmem
boolean is to do this:
chcon -t unconfined_execmem_exec_t /opt/ejabberd-2.0.2_2/bin/beam.smp


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux