selinux is a pain
Daniel J Walsh
dwalsh at redhat.com
Wed Sep 21 13:24:20 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/20/2011 07:37 PM, Martín Marqués wrote:
> 2011/9/20 David Quigley <selinux at davequigley.com>:
>> On 09/20/2011 16:17, Martín Marqués wrote:
>>>
>>> Yes, I get selinux alerts. I stated them in an earlier mail.
>>>
>>> From the alerts, the only one that gave me trouble was
>>> mod_python, and basically trac.
>>>
>>> Also, apache couldn't conect to the PostgreSQL server, but that
>>> I solved easilly.
>>>
>>>
>>
>> You mentioned earlier in the thread that you changed the location
>> of some things. Could you mention the customizations you've done
>> so Dan or I can help you with updating your file contexts
>> properly? Also posting your AVC denials to the fedora SELinux
>> list would help us figure out if its your setup or if its the
>> policy itself that is wrong. I guess you could post them here as
>> well if people are interested.
>
> As I sad. Trac repos are at /var/lib/trac/ and append permission
> is needed for the trac logs.
>
> Also saw some python execution problems from mod_python (apache).
>
> Just now I found this:
>
> SELinux is preventing /usr/libexec/postfix/bounce from search
> access on the directorio /var/spool/postfix/defer.
>
> I've seen these before
>
The postfix bounce issue is a known problem on RHEL6. You can get a
fix for this by downloading a preview of the 6.2 policy in yum
repository under
http://people.redhat.com/dwalsh/SELinux/RHEL6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk555YMACgkQrlYvE4MpobO2aQCfTqid8fkxu6wz5ls7xege1Fc9
+nMAnAzH6pnKJTTEBY79Xyi+dABYwg4g
=zxgL
-----END PGP SIGNATURE-----
More information about the users
mailing list