SELinux: avc: denied { associate }
Dominick Grift
dominick.grift at gmail.com
Mon Jan 21 10:13:03 UTC 2013
On Fri, 2013-01-18 at 20:48 +0000, Napoleon Quashie wrote:
> This has been "doing my head in" as the British will say. I've been
> battling it for days now. A post to Fedora forums and irc hasn't helped.
> You guys are my last resort. It goes like so:
>
I am not sure what you are trying to achieve here.
httpd_sys_content_t is a file type and not a file system type
Did you specify the following and if so, why?
auto context="system_u:object_r:httpd_sys_content_t:s0"
>
> 1. type=AVC msg=audit(1358529889.481:315): avc: denied { associate }
> for pid=1522 comm="httpd"name="access.log" scontext
> =system_u:object_r:httpd_sys_rw_content_t:s0tcontext
> =system_u:object_r:httpd_sys_content_t:s0 tclass=filesystem
> 2.
> 3. Was caused by:
> 4. Unknown - would be allowed by active policy
> 5. Possible mismatch between this policy and the one
> under which the audit message was generated.
> 6.
> 7. Possible mismatch between current in-memory boolean
> settings vs. permanent ones.
> 8.
> ------------------------------------------------------------------------------------------------
> 9.
> 10. <VirtualHost *:80>
> 11. ServerAdmin webmaster at localhost
> 12. ServerName lab.dev
> 13.
> 14. DocumentRoot /shared/www/lab/public
> 15.
> 16. <Directory /shared/www/lab/public/>
> 17. Options Indexes FollowSymLinks
> 18. AllowOverride All
> 19. Order allow,deny
> 20. Allow from all
> 21. </Directory>
> 22.
> 23. # Custom log file locations
> 24. LogLevel warn
> 25. ErrorLog /shared/www/lab/logs/error.log
> 26. CustomLog /shared/www/lab/access.log combined
> 27.
> 28. </VirtualHost>
> 29.
> ------------------------------------------------------------------------------------------
> 30. /etc/fstab
> 31. ----------
> 32. #
> 33. # /etc/fstab
> 34. # Created by anaconda on Tue Jan 15 21:01:00 2013
> 35. #
> 36. # Accessible filesystems, by reference, are maintained under
> '/dev/disk'
> 37. # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for
> more info
> 38. #
> 39. /dev/mapper/fedora-root / ext4 defaults
> 1 1
> 40. UUID=f92ec976-f49c-496d-be24-2bd7391eec2e /boot
> ext4 defaults 1 2
> 41. /dev/mapper/fedora-home /home ext4 defaults
> 1 2
> 42. /dev/mapper/fedora-swap swap swap defaults
> 0 0
> 43. /dev/disk/by-uuid/E0D8317FD83154CE /windows auto
> nosuid,nodev,nofail,x-gvfs-show,x-gvfs-name=Windows 0 0
> 44. /dev/disk/by-uuid/D0D6BF93D6BF7874 /shared auto context=
> "system_u:object_r:httpd_sys_content_t:s0" 0 0
> 45.
> =======================================================================================================
> 46.
> 47. /shared is an ntfs partition and /shared/www/public is the root of
> the site lab.dev
>
> Thanks for any assistance.
> This has been "doing my head in" as the British will say. I've been
> battling it for days now. A post to Fedora forums and irc hasn't
> helped. You guys are my last resort. It goes like so:
>
> type=AVC msg=audit(1358529889.481:315): avc: denied
> { associate } for pid=1522 comm="httpd"name="access.log" scontext=system_u:object_r:httpd_sys_rw_content_t:s0tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=filesystem
>
> Was caused by:
> Unknown - would be allowed by active policy
> Possible mismatch between this policy and the
> one under which the audit message was generated.
>
> Possible mismatch between current in-memory
> boolean settings vs. permanent ones.
> ------------------------------------------------------------------------------------------------
>
> <VirtualHost *:80>
> ServerAdmin webmaster at localhost
> ServerName lab.dev
>
> DocumentRoot /shared/www/lab/public
>
> <Directory /shared/www/lab/public/>
> Options Indexes FollowSymLinks
> AllowOverride All
> Order allow,deny
> Allow from all
> </Directory>
>
> # Custom log file locations
> LogLevel warn
> ErrorLog /shared/www/lab/logs/error.log
> CustomLog /shared/www/lab/access.log combined
>
> </VirtualHost>
> ------------------------------------------------------------------------------------------
> /etc/fstab
> ----------
> #
> # /etc/fstab
> # Created by anaconda on Tue Jan 15 21:01:00 2013
> #
> # Accessible filesystems, by reference, are maintained under
> '/dev/disk'
> # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8)
> for more info
> #
> /dev/mapper/fedora-root / ext4
> defaults 1 1
> UUID=f92ec976-f49c-496d-be24-2bd7391eec2e /boot
> ext4 defaults 1 2
> /dev/mapper/fedora-home /home ext4
> defaults 1 2
> /dev/mapper/fedora-swap swap swap
> defaults 0 0
> /dev/disk/by-uuid/E0D8317FD83154CE /windows auto
> nosuid,nodev,nofail,x-gvfs-show,x-gvfs-name=Windows 0 0
> /dev/disk/by-uuid/D0D6BF93D6BF7874 /shared
> auto context="system_u:object_r:httpd_sys_content_t:s0" 0 0
> =======================================================================================================
>
> /shared is an ntfs partition and /shared/www/public is the
> root of the site lab.dev
>
> Thanks for any assistance.
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
More information about the selinux
mailing list