Re: SELinux: avc: denied { associate }

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2013-01-18 at 20:48 +0000, Napoleon Quashie wrote:
> This has been "doing my head in" as the British will say. I've been
> battling it for days now. A post to Fedora forums and irc hasn't helped.
> You guys are my last resort. It goes like so:
> 

I am not sure what you are trying to achieve here.

httpd_sys_content_t is a file type and not a file system type

Did you specify the following and if so, why?

auto context="system_u:object_r:httpd_sys_content_t:s0"

> 
>    1. type=AVC msg=audit(1358529889.481:315): avc:  denied  { associate }
>    for  pid=1522 comm="httpd"name="access.log" scontext
>    =system_u:object_r:httpd_sys_rw_content_t:s0tcontext
>    =system_u:object_r:httpd_sys_content_t:s0 tclass=filesystem
>    2.
>    3.         Was caused by:
>    4.                 Unknown - would be allowed by active policy
>    5.                 Possible mismatch between this policy and the one
>    under which the audit message was generated.
>    6.
>    7.                 Possible mismatch between current in-memory boolean
>    settings vs. permanent ones.
>    8.
>    ------------------------------------------------------------------------------------------------
>    9.
>    10. <VirtualHost *:80>
>    11.     ServerAdmin webmaster@localhost
>    12.     ServerName lab.dev
>    13.
>    14.     DocumentRoot /shared/www/lab/public
>    15.
>    16.     <Directory /shared/www/lab/public/>
>    17.         Options Indexes FollowSymLinks
>    18.         AllowOverride All
>    19.         Order allow,deny
>    20.         Allow from all
>    21.     </Directory>
>    22.
>    23.     # Custom log file locations
>    24.     LogLevel warn
>    25.     ErrorLog /shared/www/lab/logs/error.log
>    26.     CustomLog /shared/www/lab/access.log combined
>    27.
>    28. </VirtualHost>
>    29.
>    ------------------------------------------------------------------------------------------
>    30. /etc/fstab
>    31. ----------
>    32. #
>    33. # /etc/fstab
>    34. # Created by anaconda on Tue Jan 15 21:01:00 2013
>    35. #
>    36. # Accessible filesystems, by reference, are maintained under
>    '/dev/disk'
>    37. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for
>    more info
>    38. #
>    39. /dev/mapper/fedora-root /                       ext4    defaults
>       1 1
>    40. UUID=f92ec976-f49c-496d-be24-2bd7391eec2e /boot
>    ext4    defaults        1 2
>    41. /dev/mapper/fedora-home /home                   ext4    defaults
>       1 2
>    42. /dev/mapper/fedora-swap swap                    swap    defaults
>       0 0
>    43. /dev/disk/by-uuid/E0D8317FD83154CE /windows auto
>    nosuid,nodev,nofail,x-gvfs-show,x-gvfs-name=Windows 0 0
>    44. /dev/disk/by-uuid/D0D6BF93D6BF7874 /shared auto context=
>    "system_u:object_r:httpd_sys_content_t:s0" 0 0
>    45.
>    =======================================================================================================
>    46.
>    47. /shared is an ntfs partition and /shared/www/public is the root of
>    the site lab.dev
> 
> Thanks for any assistance.
> This has been "doing my head in" as the British will say. I've been
> battling it for days now. A post to Fedora forums and irc hasn't
> helped. You guys are my last resort. It goes like so:
> 
>         type=AVC msg=audit(1358529889.481:315): avc:  denied
>          { associate } for  pid=1522 comm="httpd"name="access.log" scontext=system_u:object_r:httpd_sys_rw_content_t:s0tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=filesystem
>          
>                 Was caused by:
>                         Unknown - would be allowed by active policy
>                         Possible mismatch between this policy and the
>         one under which the audit message was generated.
>          
>                         Possible mismatch between current in-memory
>         boolean settings vs. permanent ones.
>         ------------------------------------------------------------------------------------------------
>          
>         <VirtualHost *:80>
>             ServerAdmin webmaster@localhost
>             ServerName lab.dev
>          
>             DocumentRoot /shared/www/lab/public
>          
>             <Directory /shared/www/lab/public/>
>                 Options Indexes FollowSymLinks
>                 AllowOverride All
>                 Order allow,deny
>                 Allow from all
>             </Directory>
>          
>             # Custom log file locations
>             LogLevel warn
>             ErrorLog /shared/www/lab/logs/error.log
>             CustomLog /shared/www/lab/access.log combined
>          
>         </VirtualHost>
>         ------------------------------------------------------------------------------------------
>         /etc/fstab
>         ----------
>         #
>         # /etc/fstab
>         # Created by anaconda on Tue Jan 15 21:01:00 2013
>         #
>         # Accessible filesystems, by reference, are maintained under
>         '/dev/disk'
>         # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8)
>         for more info
>         #
>         /dev/mapper/fedora-root /                       ext4
>          defaults        1 1
>         UUID=f92ec976-f49c-496d-be24-2bd7391eec2e /boot
>         ext4    defaults        1 2
>         /dev/mapper/fedora-home /home                   ext4
>          defaults        1 2
>         /dev/mapper/fedora-swap swap                    swap
>          defaults        0 0
>         /dev/disk/by-uuid/E0D8317FD83154CE /windows auto
>         nosuid,nodev,nofail,x-gvfs-show,x-gvfs-name=Windows 0 0
>         /dev/disk/by-uuid/D0D6BF93D6BF7874 /shared
>         auto context="system_u:object_r:httpd_sys_content_t:s0" 0 0
>         =======================================================================================================
>          
>         /shared is an ntfs partition and /shared/www/public is the
>         root of the site lab.dev
> 
> Thanks for any assistance.
> 
> 
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux