Re: SELinux denies httpd access to /etc/my.cnf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anthony Messina wrote:
> I get the following in my logs, in permissive mode:
> 
> avc: denied { read } for comm="httpd" dev=sda2 egid=48 euid=48 
> exe="/usr/sbin/httpd" exit=32 fsgid=48 fsuid=48 gid=48 items=0 name="my.cnf" 
> pid=27369 scontext=root:system_r:httpd_t:s0 sgid=48 
> subj=root:system_r:httpd_t:s0 suid=48 tclass=file 
> tcontext=system_u:object_r:mysqld_etc_t:s0 tty=(none) uid=48
> 
> avc: denied { getattr } for comm="httpd" dev=sda2 egid=48 euid=48 
> exe="/usr/sbin/httpd" exit=0 fsgid=48 fsuid=48 gid=48 items=0 name="my.cnf" 
> path="/etc/my.cnf" pid=27369 scontext=root:system_r:httpd_t:s0 sgid=48 
> subj=root:system_r:httpd_t:s0 suid=48 tclass=file 
> tcontext=system_u:object_r:mysqld_etc_t:s0 tty=(none) uid=48
> 
> Should httpd be accessing this file?  If so, how would I set up that 
> configuration?  It seems that if this type of access is necessary, a boolean 
> would be in place.
> 
> 
> 
> ------------------------------------------------------------------------
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Yes it should have the ability to read it.  The only reason there is a
type on this file is for database admins to be able to manage it.

So  will update policy to allow http to read the file.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHAjQ6rlYvE4MpobMRAo3qAJ9NPw7j7xUK9C+vXR+fgc7pAAyrCgCaA0x1
yCZ02A2NwaWzNeLBUZME31U=
=UVNb
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux