Re: RHEL4.5, GFS and selinux, are they playing nice?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

--- Roger Peña <orkcu@xxxxxxxxx> wrote:

> Hello everybody ;-)
> 
> I keep working in making a web cluster play nice
> after
> the upgrade from RHEL4.4 -> RHEL4.5 
> with this upgrade, the relation httpd-selinux become
> more strict

[bla bla bla]

> so now I have support to xattr in ours GFS
> filesystems
> but, here is the problem:
> the httpd do not want to start because some config
> files (witch reside in another GFS filesystem) have
> a
> forbidden context (httpd can not read file with that
> context) (those files are included from the main
> apache configuration)

> here are the error from selinux:
> { search } for  pid=2289 comm="httpd" name="/"
> dev=dm-7 ino=25  
> scontext=root:system_r:httpd_t
> tcontext=system_u:object_r:nfs_t  
> tclass=dir

[bla bla bla]

> but, that directory is /opt/soft:
> ll -di /opt/soft/
> 25 drwxr-xr-x  8 root root 3864 Sep 11  2007
> /opt/soft/
> ^^ <--- this is the inode
> 
> and it context is system_u:object_r:httpd_config_t:
> ll -dZ /opt/soft/
> drwxr-xr-x  root     root    
> system_u:object_r:httpd_config_t /opt/soft/
> 
> so, who is wrong? ls -Z or "global selinux kernel
> module" ?
> because ls -Z show that the context of that
> directory
> is system_u:object_r:httpd_config_t

[lots of bla bla]

> is this related to the fact that selinux policy
> stated
> this:
> genfscon gfs /  system_u:object_r:nfs_t

should I follow what is stated for reiserfs in this
url:
http://james-morris.livejournal.com/3580.html
?

if I should do it, because is the right thing to do,
why:
1- redhat did not do it for the release of 4.5 ?
2- others aren't getting this king of problems?

Am I the only one with GFS-selinux problems ?


cu
roger

__________________________________________
RedHat Certified ( RHCE )
Cisco Certified ( CCNA & CCDA )


       
____________________________________________________________________________________
Yahoo! oneSearch: Finally, mobile search 
that gives answers, not web links. 
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC

--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster
[Index of Archives]     [Corosync Cluster Engine]     [GFS]     [Linux Virtualization]     [Centos Virtualization]     [Centos]     [Linux RAID]     [Fedora Users]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Camping]

  Powered by Linux