Craig White wrote:
I have selinux-targeted-policy-sources installed.
I am trying to make entries that fix these two errors
in //etc/selinux/targeted/src/policy/domains/local.te
#1
Nov 14 10:43:14 srv1 dbus: Can't send to audit system: USER_AVC pid=3024
uid=81 loginuid=-1 message=avc: denied { send_msg } for
scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t
tclass=dbus
allow unconfined_t initrc_t:dbus send_msg;
#2
Nov 14 10:43:14 srv1 kernel: audit(1131990194.347:11): avc: denied
{ connectto } for pid=2941 comm="httpd" name="mysql.sock"
scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:initrc_t
tclass=unix_stream_socket
allow httpd_t initrc_t:unix_stream_socket connectto;
Can anyone tell me what might work here? This doesn't work...
# cat /etc/selinux/targeted/src/policy/domains/local.te
## http to mysql
allow httpd_t var_t:sock_file write;
allow httpd_t unconfined_t:unix_stream_socket connectto;
See audit2allow(1) for a tool to generate rules from AVC messages.
However, I think the problem might be better resolved by other means.
The second of these issues appears to be related to your mysql.sock
having context user_u:system_r:initrc_t; on my FC4 box,
/var/lib/mysql/mysql.sock has context
system_u:object_r:mysqld_var_run_t. You might want to look into why that
is first.
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
