I'm trying to debug an httpd-nfs-selinux issue, and it would be _really_ useful to be able to execute commands in context httpd_t while trying out combinations of the nfs_export_all_rw Boolean and public_content_rw_t type. If I can do [root@kojihub ~]# runcon unconfined_u:unconfined_r:unconfined_t:s0 bash [root@kojihub ~]# exit why can't I do [root@kojihub ~]# runcon unconfined_u:unconfined_r:httpd_t:s0 bash runcon: invalid context: unconfined_u:unconfined_r:httpd_t:s0: Invalid argument The actual issue is that I've set up a new koji hub with /mnt/koji on an nfs mount; with SELinux in permissive mode I get AVC Report ======================================================== # date time comm subj syscall class permission obj event ======================================================== 1. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 4 dir getattr system_u:object_r:nfs_t:s0 denied 494 2. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 4 dir search system_u:object_r:nfs_t:s0 denied 493 3. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir write system_u:object_r:nfs_t:s0 denied 495 4. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir add_name system_u:object_r:nfs_t:s0 denied 495 5. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir create unconfined_u:object_r:nfs_t:s0 denied 495 6. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 2 file create unconfined_u:object_r:nfs_t:s0 denied 496 7. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 2 file open system_u:object_r:nfs_t:s0 denied 496 Moray. "To err is human; to purr, feline." OM International Limited - Unit B Clifford Court, Cooper Way - Carlisle CA3 0JG - United Kingdom Charity reg no: 1112655 - Company reg no: 5649412 (England and Wales) -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
