On Fri, 2 Apr 2004 18:05:02 +0200 Carsten Grohmann <carstengrohmann@xxxxxx> wrote: > On Freitag, 2. April 2004 16:15, Karl DeBisschop wrote: > > > Apr 2 04:09:33 xxxxx kernel: audit(1080896972.999:0): avc: > > denied { getattr } for pid=1156 exe=/usr/sbin/httpd > > path=/var/www/manual/index.html dev=md0 ino=1473314 > > scontext=system_u:system_r:httpd_t > > tcontext=system_u:object_r:var_t tclass=file > > Maybe you should relabel the webserver files with > httpd_sys_context_t or look into <path to > policy>/file_contexts/program/apache.fc change apaches path > settings. FWIW, it works if you add adding these lines to /etc/security/selinux/src/policy/file_contexts/program/apache.fc: /var/www/manual(/.*)? system_u:object_r:httpd_sys_content_t /var/www/error(/.*)? system_u:object_r:httpd_sys_content_t then: make -C /etc/security/selinux/src/policy /sbin/fixfiles relabel Presumably something like that sort of change can make it into the vext update of policy. -- Karl DeBisschop (kdebisschop@xxxxxxxxxxxxxx) Pearson Education/Infoplease (http://www.infoplease.com)