The continuing saga....
May 11 18:11:05 bugzilla kernel: audit(1147389065.041:16): avc:
denied { read } for pid=19398 comm="index.cgi" name="resolv.conf"
dev=md1 ino=1106152 scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:net_conf_t:s0 tclass=file
May 11 18:11:05 bugzilla kernel: audit(1147389065.045:17): avc:
denied { create } for pid=19398 comm="index.cgi"
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket
May 11 18:11:05 bugzilla kernel: audit(1147389065.045:18): avc:
denied { create } for pid=19398 comm="index.cgi"
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=udp_socket
May 11 18:11:05 bugzilla kernel: audit(1147389065.045:19): avc:
denied { shutdown } for pid=19398 comm="index.cgi"
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=tcp_socket
It seems like I'm just going to have to keep trying and adding new
allow rules, 2 or 3 at a time, until I've hit everything not allowed
by selinux. Surely I'm not the first person to try to get Bugzilla
running on FC5?
Is there a better way to do this than trial and error?
--
James Garrison Athens Group, Inc.
mailto:jhg@xxxxxxxxxxxxxxx 5608 Parkcrest Dr
http://www.athensgroup.com Austin, TX 78731
SKYPE callto:jhg-athensgroup (512) 345-0600 x150
PGP: RSA=0x92E90A3B DH/DSS=0x498D331C
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
