A quick hack would be: chcon -R --reference=/var/www/html /var/lib/cacti Happy Hacking On Mon, 2005-12-19 at 09:07 +0100, Aurelien Bompard wrote: > Hi all, > > We're trying to package cacti for Fedora Extras: > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175748 > and we're running into an SELinux problem. Cacti is a web frontend to > RRDTool, an improved version of MRTG (which you might know). > There is a script, run by cron, which create the statistics databases, and > put them in /var/lib/cacti. The log goes into /var/log/cacti. Then, the web > interfaces lets the user see theses statistics. > The problem is that SELinux won't let httpd access /var/lib/cacti : > type=AVC msg=audit(1134978797.695:45154): avc: denied { read } for > pid=2605 comm="rrdtool" name="localhost_proc_7.rrd" dev=sda2 ino=981003 > scontext=root:system_r:httpd_sys_script_t > tcontext=system_u:object_r:var_lib_t tclass=file > > Httpd can't acces /var/log/cacti either. > What should we do to make that work with SELinux ? Do we have to run chcon > in the %post scriptlet (that sounds like an ugly hack) ? Should we move > everything to /var/www ? > > Thanks for you help > > Aurélien -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
