Re: Big brother and httpd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

How did u relabel bb.html and bb2.html?
Did you change the apache.fc file to label the files and dirs 
under /home/bb/bb/www, followed by "make load" and 
then "setfiles" / "restorecon"?

James

On 6/25/05, Tom Diehl <tdiehl@xxxxxxxxxxxx> wrote:
> Hi,
> 
> I am trying to get Big Brother working on EL4. I have the following in
> the httpd.conf
> 
> Alias /bb /home/bb/bb/www
> 
> With SELinux enabled I get the following in the logs when I try to access
> the BB web page
> :
> Jun 25 18:44:24 pocono kernel: audit(1119739464.262:0): avc:  denied  { search } for  pid=20700 comm=httpd name=bb dev=dm-1 ino=6406600 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=dir
> Jun 25 18:44:24 pocono kernel: audit(1119739464.262:0): avc:  denied  { getattr } for  pid=20700 comm=httpd path=/home/bb/bb dev=dm-1 ino=6406600 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=dir
> Jun 25 18:44:27 pocono kernel: audit(1119739467.679:0): avc:  denied  { search } for  pid=23158 comm=httpd name=bb dev=dm-1 ino=6406600 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=dir
> Jun 25 18:44:27 pocono kernel: audit(1119739467.679:0): avc:  denied  { getattr } for  pid=23158 comm=httpd path=/home/bb/bb dev=dm-1 ino=6406600 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=dir
> 
> If I disable SELinux for apache, I can access the BB web pages just fine.
> 
> I relabeled /home/bb/bb/www but I still get the errors.
> 
> (pocono pts31) # ll -Z ~bb/bb/www
> -rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-ack.sh
> -rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-hist.sh
> -rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-histlog.sh
> -rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-hostsvc.sh
> -rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-rep.sh
> -rwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t bb-replog.sh
> -rw-rw-r--  bb       bb       user_u:object_r:user_home_t      bb.html
> -rw-rw-r--  bb       bb       user_u:object_r:user_home_t      bb2.html
> drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t gifs
> drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t help
> drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t html
> -rw-r--r--  bb       bb       root:object_r:httpd_sys_content_t index.html
> drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t newbldg
> drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t notes
> drwxrwxr-x  bb       apache   root:object_r:httpd_sys_content_t rep
> drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t reynolds
> drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t rogueind
> drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t routers
> drwxr-xr-x  bb       bb       root:object_r:httpd_sys_content_t xo
> (pocono pts31) #
> 
> I tried relabeling bb.html and bb2.html but they keep reverting to
> user_u:object_r:user_home_t. I suspect this is my problem but I am new
> to SELinux so I am not sure.
> 
> Can someone suggest how to fix this??
> 
> Regards,
> 
> Tom Diehl               tdiehl@xxxxxxxxxxxx             Spamtrap address mtd123@xxxxxxxxxxxx
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux