Re: Help with messed up F11 SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/26/2010 12:41 PM, Steve Blackwell wrote:
> On Mon, 26 Apr 2010 11:11:00 -0400
> Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> 
> 
>>> I do still have one (so far) problem though. When I tried to point
>>> my browser at my local BackupPC server page a get an "Unable to
>>> Connect" message and an AVC:
>>>
>>> Raw Audit Messages :
>>> node=steve.blackwell type=AVC msg=audit(1272289200.98:138): avc:
>>> denied { write } for pid=31707 comm="perl5.10.0"
>>> name="BackupPC.sock" dev=dm-0 ino=36667496
>>> scontext=system_u:system_r:httpd_t:s0
>>> tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file
>>>
>>> node=steve.blackwell type=SYSCALL msg=audit(1272289200.98:138):
>>> arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfbd44e0
>>> a2=cfe4ac a3=9317008 items=0 ppid=2037 pid=31707 auid=4294967295
>>> uid=48 gid=48 euid=495 suid=495 fsuid=495 egid=48 sgid=48 fsgid=48
>>> tty=(none) ses=4294967295 comm="perl5.10.0"
>>> exe="/usr/bin/perl5.10.0" subj=system_u:system_r:httpd_t:s0
>>> key=(null)
>>>
>>> Now I know I could change the context of that socket file but I'm
>>> guessing that it gets created every time and so that is not a
>>> permanent solution. Is there a boolean I need to set; nothing
>>> looked obvious or perhaps a BackupPC policy I need to install?
>>>
>>> Thanks,
>>> Steve
>>> --
>>> selinux mailing list
>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>
>>>
>> What directory is the socket in?
> 
> /var/log/BackupPC
> 
> Steve

The BackupPC package comes with labeling in F12/F13 of httpd_sys_content_t.

# matchpathcon /var/log/BackupPC/
/var/log/BackupPC	system_u:object_r:httpd_sys_content_t:s0

Execute the following, should fix the problem

# semanage fcontext -a -t httpd_sys_content_t '/var/log/BackupPC(/.*)?'
# restorecon -R -v /var/log/BackupPC
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvW3GUACgkQrlYvE4MpobMsrwCg6k7LkOJ85DZVKlsugvy7ieRQ
N/MAn0YvPOqpcOckrhNmQqXVJfsQIUJp
=Eo2t
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux