If someone would be so kind to answer a noob question.

When installing an Apache authentication extension called WebAuth (3.5.4), it works
great with SELinux disabled (setenforce 0), but turn on enforcement (setenforce
1), bam, can't read/write the necessary files. To SELinux, perhaps it looks
like rogue code trying to modify configuration files.

Files:

/etc/httpd/conf/webauth/keytab
/etc/httpd/conf/webauth/keyring
/etc/httpd/conf/webauth/service_token_cache

Messages:

audit(1187726388.800:5): avc: denied { write }
  for pid=2030 comm="httpd" name="webauth" dev=dm-0
  ino=66396 scontext=root:system_r:httpd_t:s0
  tcontext=root:object_r:httpd_config_t:s0 tclass=dir

audit(1187727527.410:38): avc: denied { read }
  for pid=2229 comm="httpd" name="keytab" dev=dm-0
  ino=196626 scontext=root:system_r:httpd_t:s0
  tcontext=root:object_r:user_home_t:s0 tclass=file

audit(1187727527.415:39): avc: denied { read }
  for pid=2229 comm="httpd" name="keytab" dev=dm-0
  ino=196626 scontext=root:system_r:httpd_t:s0
  tcontext=root:object_r:user_home_t:s0 tclass=file

audit(1187727527.420:40): avc: denied { write }
  for pid=2229 comm="httpd" name="service_token_cache"
  dev=dm-0 ino=66426 scontext=root:system_r:httpd_t:s0
  tcontext=root:object_r:httpd_config_t:s0 tclass=file

audit2allow says

  allow httpd_t httpd_config_t:dir write;
  allow httpd_t httpd_config_t:file write;
  allow httpd_t user_home_t:file read;

but this seems arbitrarily permissive. What would give only read/write access to these three
files?

Sorry if this is off-topic. Running RHEL 5 (“ES”, 32-bit) patched. RTFM’ed
already: http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/
not much help.

Kind Regards,
Barry Allard
Systems Administrator
Stanford Medical Informatics
+1.650.723.7270

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list