On Sun, Mar 29, 2009 at 11:27:37AM -0400, Daniel J Walsh wrote:
> On 03/28/2009 08:23 PM, Ian Weller wrote:
>> wordpress and wordpress-mu don't work well when you're first starting to
>> use them: the configuration can't access its files at
>> /usr/share/wordpress{,-mu} due to SELinux. What do I need to do to write
>> an SELinux policy and push it upstream so that others don't run into
>> this problem by default?
>>
>>
> What avc errors are you seeing in /var/log/audit/audit.log
>
Well, to get wordpress-mu to decide that it can write to
/usr/share/wordpress-mu/wp-config.php
I have to run the following:
# semanage fcontext -a -t httpd_var_run_t '/usr/share/wordpress-mu'
# semanage fcontext -a -t httpd_var_run_t '/usr/share/wordpress-mu/wp-config.php'
# semanage fcontext -a -t httpd_var_run_t '/usr/share/wordpress-mu/wp-content(/.*)?'
# restorecon -vv -RF /usr/share/wordpress-mu
I didn't get any AVC denials or anything about needing to do this.
Then, it believes it can write to the necessary directories after
refreshing the configuration page, and I get the following:
type=AVC msg=audit(1238343299.820:1766): avc: denied { create } for pid=21014 comm="httpd" name="blogs.dir" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1238343299.820:1766): arch=40000003 syscall=39 success=no exit=-13 a0=2105250 a1=1ff a2=124f938 a3=2105250 items=0 ppid=21011 pid=21014 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
--
Ian Weller <ianweller@xxxxxxxxx>
GnuPG fingerprint: E51E 0517 7A92 70A2 4226 B050 87ED 7C97 EFA8 4A36
Attachment:
pgpEcURvhdl6W.pgp
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
