Re: Webdav problems in enforcing mode in Raw Hide

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Nicolas Mailhot wrote:

Hi,

I've just test tested webdav in enforcing mode on Fedora Devel and it
doesn't work :


- apache needs rw access on /srv (don't know where the default dav root
should be, I put it in srv since its seems the FHS wants this kind of
stuff there)

type=AVC msg=audit(1130749513.951:3772): avc:  denied  { read } for
pid=11759 comm="httpd" name="nim" dev=dm-0 ino=1048598
scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0
tclass=dir
type=SYSCALL msg=audit(1130749513.951:3772): arch=c000003e syscall=2
success=no exit=-13 a0=5555558ca410 a1=10800 a2=5555558c7ff8
a3=5555558c58a7 items=1 pid=11759 auid=4294967295 uid=48 gid=48 euid=48
suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd"
exe="/usr/sbin/httpd"
You need to change the context of those directories so that httpd can read/write them 

chcon -R -t httpd_sys_script_rw_t /var/lib/dav

http://fedora.redhat.com/docs/selinux-apache-fc3/

Has a good description of how to use httpd and selinux.


- it also needs rw acces to its default /var/lib/dav/lockdb.dir

type=AVC msg=audit(1130749738.930:3777): avc:  denied  { write } for
pid=11766 comm="httpd" name="lockdb.dir" dev=dm-0 ino=2392524
scontext=root:system_r:httpd_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1130749738.930:3777): arch=c000003e syscall=2
success=no exit=-13 a0=5555558c7580 a1=42 a2=1b6 a3=3 items=1 pid=11766
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=CWD msg=audit(1130749738.930:3777):  cwd="/"
type=PATH msg=audit(1130749738.930:3777): item=0
name="/var/lib/dav/lockdb.dir" flags=310  inode=2392223 dev=fd:00
mode=040700 ouid=48 ogid=48 rdev=00:00


On another topic I still have spamassassin procmail problems :

type=CWD msg=audit(1130749836.551:3779):  cwd="/home/nim/.maildir"
type=PATH msg=audit(1130749836.551:3779): item=0 name="/usr/bin/spamc"
flags=1  inode=3349141 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1130749839.979:3780): avc:  denied  { execute } for
pid=11852 comm="procmail" name="spamc" dev=dm-0 ino=3349141
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1130749839.979:3780): arch=c000003e syscall=59
success=no exit=-13 a0=51c1d1 a1=51c170 a2=51bfc0 a3=51c1d1 items=1
pid=11852 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="procmail" exe="/usr/bin/procmail"
type=CWD msg=audit(1130749839.979:3780):  cwd="/home/nim/.maildir"
type=PATH msg=audit(1130749839.979:3780): item=0 name="/usr/bin/spamc"
flags=101  inode=3349141 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1130749839.983:3781): avc:  denied  { getattr } for
pid=11852 comm="sh" name="spamc" dev=dm-0 ino=3349141
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=filetype=SYSCALL
msg=audit(1130749839.983:3781): arch=c000003e syscall=4 success=no
exit=-13 a0=6bf780 a1=7fffffefb5c0 a2=7fffffefb5c0 a3=2 items=1
pid=11852 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="sh" exe="/bin/bash"
type=AVC_PATH msg=audit(1130749839.983:3781):  path="/usr/bin/spamc"
type=CWD msg=audit(1130749839.983:3781):  cwd="/home/nim/.maildir"
type=PATH msg=audit(1130749839.983:3781): item=0 name="/usr/bin/spamc"
flags=1  inode=3349141 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00



Package versions :

selinux-policy-targeted-1.27.2-10
libselinux-1.27.17-1

Regards,




--


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux