On 01/21/2013 04:13 AM, Dominick Grift wrote:
On Fri, 2013-01-18 at 20:48 +0000, Napoleon Quashie wrote:
> This has been "doing my head in" as the British will say. I've been
> battling it for days now. A post to Fedora forums and irc hasn't helped.
> You guys are my last resort. It goes like so:
>
I am not sure what you are trying to achieve here.
httpd_sys_content_t is a file type and not a file system type
Did you specify the following and if so, why?
auto context="system_u:object_r:httpd_sys_content_t:s0"
>
> type=AVC msg=audit(1358529889.481:315): avc: denied { associate } for
> pid=1522 comm="httpd" name="access.log"
> scontext=system_u:object_r:httpd_sys_rw_content_t:s0
> tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=filesystem
>
> Was caused by:
>     Unknown - would be allowed by active policy
>     Possible mismatch between this policy and the one under which the
>     audit message was generated.
>
>     Possible mismatch between current in-memory boolean settings vs.
>     permanent ones.
>
> ------------------------------------------------------------------------------------------------
>
> <VirtualHost *:80>
>     ServerAdmin webmaster@localhost
>     ServerName lab.dev
>
>     DocumentRoot /shared/www/lab/public
>
>     <Directory /shared/www/lab/public/>
>         Options Indexes FollowSymLinks
>         AllowOverride All
>         Order allow,deny
>         Allow from all
>     </Directory>
>
>     # Custom log file locations
>     LogLevel warn
>     ErrorLog /shared/www/lab/logs/error.log
>     CustomLog /shared/www/lab/access.log combined
>
> </VirtualHost>
>
> ------------------------------------------------------------------------------------------
>
> /etc/fstab
> ----------
> #
> # /etc/fstab
> # Created by anaconda on Tue Jan 15 21:01:00 2013
> #
> # Accessible filesystems, by reference, are maintained under '/dev/disk'
> # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
> #
> /dev/mapper/fedora-root / ext4 defaults 1 1
> UUID=f92ec976-f49c-496d-be24-2bd7391eec2e /boot ext4 defaults 1 2
> /dev/mapper/fedora-home /home ext4 defaults 1 2
> /dev/mapper/fedora-swap swap swap defaults 0 0
> /dev/disk/by-uuid/E0D8317FD83154CE /windows auto nosuid,nodev,nofail,x-gvfs-show,x-gvfs-name=Windows 0 0
> /dev/disk/by-uuid/D0D6BF93D6BF7874 /shared auto context="system_u:object_r:httpd_sys_content_t:s0" 0 0
>
> =======================================================================================================
>
> /shared is an ntfs partition and /shared/www/public is the root of the
> site lab.dev
>
> Thanks for any assistance.
>
> --
> selinux mailing list selinux(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Yes this looks like he mounted a file system with a specific type and then is
trying to associate a type to that type. Which maybe we should allow by default.

allow file_type self:filesystem associate;

Having tools like cp -a fail seems a little silly here.
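
The denial discussed in this thread, tied back to the fstab entry that labelled the filesystem. This is an added example, not part of any poster's message: the function names are hypothetical, and the AVC record and fstab lines are copied from the thread with the record's missing spaces restored.

```python
import re

# Inputs copied from the thread (AVC field spacing restored, fstab comments dropped).
AVC = ('type=AVC msg=audit(1358529889.481:315): avc: denied { associate } for '
       'pid=1522 comm="httpd" name="access.log" '
       'scontext=system_u:object_r:httpd_sys_rw_content_t:s0 '
       'tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=filesystem')
FSTAB = '''\
/dev/mapper/fedora-root / ext4 defaults 1 1
/dev/disk/by-uuid/E0D8317FD83154CE /windows auto nosuid,nodev,nofail,x-gvfs-show,x-gvfs-name=Windows 0 0
/dev/disk/by-uuid/D0D6BF93D6BF7874 /shared auto context="system_u:object_r:httpd_sys_content_t:s0" 0 0
'''

def parse_avc(line):
    """Return the denied permissions and key=value fields of one AVC record."""
    m = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line)
    if not m:
        return None
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line[m.end():])
    fields = {k: v.strip('"') for k, v in pairs}
    fields['perms'] = m.group(1).split()
    return fields

def context_mounts(fstab_text):
    """Map mount point -> context set by a context= mount option.
    Simple comma split: category lists such as s0:c1,c2 are not handled."""
    mounts = {}
    for raw in fstab_text.splitlines():
        cols = raw.split('#', 1)[0].split()
        if len(cols) < 4:
            continue
        for opt in cols[3].split(','):
            if opt.startswith('context='):
                mounts[cols[1]] = opt[len('context='):].strip('"')
    return mounts

def explain(avc_line, fstab_text):
    """For a filesystem 'associate' denial, report the file's type (scontext),
    the filesystem's label type (tcontext) and the mounts that set that label."""
    avc = parse_avc(avc_line)
    if not avc or 'associate' not in avc['perms'] or avc.get('tclass') != 'filesystem':
        return None
    hits = [mp for mp, ctx in context_mounts(fstab_text).items()
            if ctx == avc['tcontext']]
    return {'file_type': avc['scontext'].split(':')[2],
            'fs_type': avc['tcontext'].split(':')[2],
            'mounts': hits}
```

On the thread's data, `explain(AVC, FSTAB)` names `/shared` as the mount whose `context=` option gave the filesystem the `httpd_sys_content_t` label that the new file's `httpd_sys_rw_content_t` type was denied association with.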