Re: httpd avc denied problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I installed the policy sources on my fedora core 3. :)
Got to step one
Edit /etc/selinux/targeted/src/policy/file_contexts/file_contexts

There is no such file  :(
[root@webmail ~]# ls /etc/selinux/targeted/src/policy/file_contexts/
distros.fc  misc  program  types.fc
[root@webmail ~]#

Arthur Stephens
Sales Technician
Ptera Wireless Internet
astephens@xxxxxxxxx
509-927-Ptera

----- Original Message ----- 
From: "Karsten Wade" <kwade@xxxxxxxxxx>
To: "Fedora SELinux support list for users & developers."
<fedora-selinux-list@xxxxxxxxxx>
Sent: Tuesday, November 30, 2004 2:01 PM
Subject: Re: httpd avc denied problem


> On Tue, 2004-11-30 at 13:12, Karsten Wade wrote:
>
> >   chcon -R -t httpd_log_t /var/www/*/logs/*
> >   service httpd start
>
> BTW, if this works, you'll want to do something to make the change
> permanent.  Otherwise, the next running of restorecon will hose your
> configuration.
>
> Two options jump to mind:
>
> * Move the logs into a path that will receive httpd_log_t, i.e.,
> /var/logs/httpd/
>
> * Install the policy sources (yum install
> selinux-policy-targeted-sources), and do the following:
>
> 1. Edit /etc/selinux/targeted/src/policy/file_contexts/file_contexts
>
> 2. Add this line:
> /var/www/.*/logs(/.*)?            system_u:object_r:httpd_log_t
>
> Feel free to correct my regexp, but I think it's right. :)
>
> 3. In /etc/selinux/targeted/src/policy rebuild the policy with 'make
> load'.  This will build and load the new policy directly into memory.
>
> 4. If you now do restorecon, the /var/www/*/logs directories should get
> the proper context.
>
> Be aware that if you make another change to SELinux, especially using
> system-config-securitylevel, the file /.autorelabel may get created.
> That triggers a relabeling on reboot, and may hose any manual
> customizations not fixed in policy.
>
> - Karsten
> -- 
> Karsten Wade, RHCE, Tech Writer
> a lemon is just a melon in disguise
> http://people.redhat.com/kwade/
> gpg fingerprint: 2680 DBFD D968 3141 0115  5F1B D992 0E06 AD0E 0C41
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux