On Sun, 2005-01-30 at 20:06 -0500, Kanwar Ranbir Sandhu wrote: > Hello Everyone, > > Has anyone attempted to run RT3 (3.2.2) on a FC3 system? I'm running > into a bunch of selinux errors, and I'm having problems resolving the > issue: I'm just not very familiar with selinux. Have you seen the Fedora Apache/SELinux guide? http://fedora.redhat.com/docs/selinux-apache-fc3/ > avc: denied { getattr } for pid=681 exe=/usr/bin/perl path=/var/log > dev=dm-5 ino=129025 scontext=root:system_r:httpd_sys_script_t > tcontext=system_u:object_r:var_log_t tclass=dir Hmm. Given that we allow access to httpd_log_t which is in the default configuration a subdirectory of var_log_t, I'm surprised that this access is not allowed. Ideally though the app should not need this. > avc: denied { ioctl } for pid=693 exe=/usr/bin/perl > path=/var/log/httpd/error_log dev=dm-5 ino=129070 > scontext=root:system_r:httpd_sys_script_t > tcontext=system_u:object_r:httpd_log_t tclass=file This one is probably harmless; I think perl does an ioctl even on regular files in many situations (to find out whether it's a tty?). > avc: denied { read } for pid=693 exe=/usr/bin/perl name=tmp dev=dm-3 > ino=12 scontext=root:system_r:httpd_sys_script_t > tcontext=system_u:object_r:tmp_t tclass=lnk_file Is this /usr/tmp? Try running "chcon -h -t usr_t /usr/tmp". This is a bug in our policy package because it doesn't presently ensure that it's relabeled on upgrades.
