On Monday, December 01, 2008 10:26 AM -0500 Rick Barnes
<linux@xxxxxxxxxxxxxx> wrote:
> Try this:
> # grep httpd /var/log/audit/audit.log | audit2why
> The output should explain why you are getting the permission denials.

Alas, it didn't really tell me more than what I could see in the log lines.

What helped was to download the source RPM for the policy:

    selinux-policy-2.4.6-137.el5.src.rpm

This is like a kernel source package, and has all the text files that are
compiled to become the installed binary policy. Hence, it's very handy for
grepping through to understand how all the rules work. It also identified
that there's a man page full of handy sebools for more fine-grained control
of the web server policy. Use "man httpd_selinux" to view it.

Looking more carefully at my log lines, I realized that the "/" being
referred to was not the "real" root but the root of the mounted device, and
it had type file_t. That's not a directory type that Apache is allowed to
search. For now, I've changed it to var_t, which is one that's allowed, and
things now work.

    chcon -t var_t /mnt/bigdisk2
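
The log reading described in the message above, as an added example that is not part of the original post: a small parser that groups httpd AVC denials by device and target type, so a "/" on a mounted device labelled file_t stands apart from the real root. The log lines, device names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the EL5 audit.log AVC format (not from the original post).
SAMPLE_LOG = """\
type=AVC msg=audit(1228145160.101:412): avc:  denied  { search } for  pid=2871 comm="httpd" name="/" dev=sdb1 ino=2 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1228145161.377:413): avc:  denied  { search } for  pid=2872 comm="httpd" name="/" dev=sdb1 ino=2 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1228145200.005:420): avc:  denied  { getattr } for  pid=2873 comm="httpd" name="notes.txt" dev=sda2 ino=98311 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1228145200.005:420): arch=40000003 syscall=195 success=no exit=-13 comm="httpd"
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(log_text, comm="httpd"):
    """Count denials for one command by (device, name, target type, class, perms)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec.get("comm") == comm:
            key = (rec["dev"], rec["name"], rec["ttype"], rec["tclass"], " ".join(rec["perms"]))
            counts[key] += 1
    return counts

def unlabeled_devices(counts):
    """Devices where the denied object has type file_t (no label assigned)."""
    return sorted({dev for (dev, _n, ttype, _c, _p) in counts if ttype == "file_t"})

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for (dev, name, ttype, tclass, perms), n in summary.most_common():
        print(f"{n:3d}  dev={dev} name={name} type={ttype} class={tclass} perms={perms}")
    print("unlabeled (file_t) objects on:", unlabeled_devices(summary))
```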