On Thu, 4 Sep 2008 20:07:10 -0700 "Robert J. Carr" rjcarr@gmail.com wrote:
Hopefully this is a quick question to those that know SELinux more than I do, which wouldn't be very hard to accomplish.
I'm migrating a (working) environment from one server running Fedora 7 to another running Fedora 9. After pulling my hair out for most of the day I've found out the problem is with SELinux because when I turned it off temporarily everything worked fine.
Not to get into too much detail, but my problem came from apache not being able to access a file (although the error isn't quite that clear). Between the working environment and the non-working environment I can only see a couple differences in the selinux config files in /etc, but these have never been touched in either instance.
The context labels are a bit different too. The working environment has these selinux context labels:
user_u:object_r:httpd_sys_content_t
But the non-working environment has these context labels:
unconfined_u:object_r:httpd_sys_content_t:s0
It seems to get an extra field and the user changes to unconfined. Is this relevant?
There is nothing else that I can find different, is there anything else that could be the problem?
Any advice would be greatly appreciated.
You need to find the actual SELinux denials that are happening and post them. They'll be in /var/log/audit/audit.log if you're running the audit daemon, and /var/log/messages of you're not.
Paul.