Hi,
I'm having trouble with munin on a fedora14 box and basic auth through
apache. Included below is the selinux report I receive when trying to
login. I have another installation where this same setup isn't a
problem, so I'm not sure why it would be a problem here. I've followed
the suggestions provided below to create a local policy, yet the
problem continues.
How can I troubleshoot this? Included below is the report that I received.
SELinux is preventing /usr/sbin/httpd from open access on the file
/etc/munin/htpasswd.users.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that httpd should be allowed open access on the
htpasswd.users file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:munin_etc_t:s0
Target Objects /etc/munin/htpasswd.users [ file ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host gary
Source RPM Packages httpd-2.2.17-1.fc14
Target RPM Packages
Policy RPM selinux-policy-3.9.7-37.fc14
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name gary
Platform Linux alex 2.6.35.11-83.fc14.x86_64 #1 SMP Mon Feb
7 07:06:44 UTC 2011 x86_64 x86_64
Alert Count 9
First Seen Sun 03 Apr 2011 12:39:10 PM EDT
Last Seen Sun 03 Apr 2011 12:39:20 PM EDT
Local ID 31e62e21-19a8-44af-9555-5be1e0f704b4
Raw Audit Messages
type=AVC msg=audit(1301848760.437:29563): avc: denied { open } for
pid=1396 comm="httpd" name="htpasswd.users" dev=sda1 ino=3543833
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:munin_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1301848760.437:29563): arch=x86_64 syscall=open
success=no exit=EACCES a0=7f24438bde48 a1=80000 a2=1b6 a3=33 items=0
ppid=1391 pid=1396 auid=4294967295 uid=48 gid=48 euid=48 suid=48
fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd
exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
Hash: httpd,httpd_t,munin_etc_t,file,open
audit2allow
#============= httpd_t ==============
allow httpd_t munin_etc_t:file open;
audit2allow -R
#============= httpd_t ==============
allow httpd_t munin_etc_t:file open;