On Mon, 2005-31-01 at 20:07 -0500, Colin Walters wrote:
> > Moving it to /var/log/httpd generated this error in error.log for httpd:
> >
> > Log file /var/log/httpd/rt.log couldn't be written or created.
>
> Is the type on rt.log still httpd_log_t? Use ls -Z to inspect.

Yes it is...after I created the file by hand! :) In any case, it didn't help.

> > [root@mothership tmp]# ls -di /usr/tmp
> > 12 /usr/tmp
>
> Yeah, that's what I thought. If you look at the denial message, the
> inode number was 12. If your /usr isn't on a separate filesystem, then
> you know the denial was on the /usr/tmp symlink.
>
> I'm baffled you're still getting the denial though. Can you confirm
> with "ls -dZ /usr/tmp" that the type is usr_t?

Yes, the type is usr_t. BTW, I have /usr mounted on a separate partition (actually, the whole server is set up with LVM).

> > avc: denied { getattr } for pid=2014 exe=/usr/bin/perl path=/var/log
> > dev=dm-5 ino=129025 scontext=root:system_r:httpd_sys_script_t
> > tcontext=system_u:object_r:var_log_t tclass=dir
>
> If after everything else doesn't work, here's what you can do:

I wanted to keep hacking away, but I couldn't take it anymore. I set up RT with modperl2 instead, and voilà, it worked. RT 3.2.2 is running. There are still denials, though I haven't noticed any problems in the app itself (here are two):

avc: denied { ioctl } for pid=4439 exe=/usr/sbin/httpd path=/var/www/rt/bin/webmux.pl dev=dm-5 ino=28748 scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_sys_script_exec_t tclass=file

avc: denied { create } for pid=4439 exe=/usr/sbin/httpd name=fastcgi scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_log_t tclass=dir

Thank you very much for your help. Not having solved the problem with FastCGI is obviously bad since getting selinux to work would have been the better answer.

Regards,

Ranbir

--
Kanwar Ranbir Sandhu
Linux Consultant
Systems Aligned Inc.
www.systemsaligned.com