Re: SELinux & apache/httpd access to /home/*/www

Stephen Smalley wrote:
On Fri, 2004-09-17 at 08:17, Cream[DONut] wrote:

When starting httpd, it just fails, there are no AVC messages in /var/log, but for testing purposes I set DocumentRoot to the / root of the server, which worked, then I tried going to /home, which didn't work, I couldn't open /home/xxxxxx or /home/xxxxxx/www.


BTW, when you see no AVC messages but think that SELinux is the culprit,
do a 'make enableaudit load' in the policy source directory and try
again, and then do a 'make clean load' to revert.  That is noted in the
Fedora SELinux FAQ.  Certain audit messages are explicitly suppressed by
default using dontaudit rules in the policy to avoid filling the logs
with noise, and the 'enableaudit' removes those rules to ensure that you
see every denial.


With 'make enableaudit load':
Sep 17 18:23:15 DONut kernel: audit(1095438195.775:0): avc: denied { read write } for pid=2822 exe=/usr/sbin/httpd path=/dev/pts/0 dev=devpts ino=2 scontext=root:system_r:httpd_t tcontext=root:object_r:devpts_t tclass=chr_file
Sep 17 18:23:16 DONut httpd: httpd startup succeeded


When trying to access http://server/~xxxxxx/:
Sep 17 18:24:10 DONut kernel: audit(1095438250.555:0): avc: denied { search } for pid=2826 exe=/usr/sbin/httpd name=xxxxxx dev=hda2 ino=886604 scontext=root:system_r:httpd_t tcontext=system_u:object_r:user_home_dir_t tclass=dir
Sep 17 18:24:10 DONut kernel: audit(1095438250.556:0): avc: denied { getattr } for pid=2826 exe=/usr/sbin/httpd path=/home/xxxxxx dev=hda2 ino=886604 scontext=root:system_r:httpd_t tcontext=system_u:object_r:user_home_dir_t tclass=dir


Anyway, thanks for the help, don't give it too much attention, I'll install test2 next week, and let you know how it goes.

regards
Kris
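
An added example, not part of the original message: a small parser that groups AVC denials like the ones logged above by source type, target type and object class, so the output of an 'enableaudit' run can be read at a glance. The function names are hypothetical, and the sample lines are the three denials and the startup line quoted in this message.

```python
import re
from collections import defaultdict

# Log lines copied from the message above (syslog-delivered kernel AVC format).
SAMPLE_LOG = """\
Sep 17 18:23:15 DONut kernel: audit(1095438195.775:0): avc: denied { read write } for pid=2822 exe=/usr/sbin/httpd path=/dev/pts/0 dev=devpts ino=2 scontext=root:system_r:httpd_t tcontext=root:object_r:devpts_t tclass=chr_file
Sep 17 18:23:16 DONut httpd: httpd startup succeeded
Sep 17 18:24:10 DONut kernel: audit(1095438250.555:0): avc: denied { search } for pid=2826 exe=/usr/sbin/httpd name=xxxxxx dev=hda2 ino=886604 scontext=root:system_r:httpd_t tcontext=system_u:object_r:user_home_dir_t tclass=dir
Sep 17 18:24:10 DONut kernel: audit(1095438250.556:0): avc: denied { getattr } for pid=2826 exe=/usr/sbin/httpd path=/home/xxxxxx dev=hda2 ino=886604 scontext=root:system_r:httpd_t tcontext=system_u:object_r:user_home_dir_t tclass=dir
"""

# Permissions sit between braces; key=value fields follow the word "for".
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")

def parse_avc(line):
    """Return a dict of fields for an AVC denial line, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    # Tokens without '=' (e.g. fragments of a path containing spaces) are skipped.
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated or malformed record
    fields["perms"] = m.group(1).split()
    return fields

def type_of(context):
    """Extract the type from a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(log_text):
    """Map (source type, target type, class) to the sorted denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
            denials[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in denials.items()}

if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```
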
