Hello everyone. the HTTP server don't start on boot, it send the following message sort of, it was difficult to copy because it showed only in the start up process and no log messages in any log file. Message: Address Family for Hostname not supported: (EAI 9) alloc_listener failed to setup sockaddr for 127.0.0.1. That is the message sort of. This happen when i setup the option Listen 127.0.0.1:80, when i start manually the httpd server start successfully, but not on boot. It say too that there is an syntax error in the line where is the sentence Listen, but if i run the syntax check the HTTP said the syntax is OK. I'm using fedora 9 with the latest updates. selinux 3.3.1-55 httpd 2.2.8-3 kernel 2.6.25.3-18

Hi everyone, Over the last few days, I have managed to upgrade myself from FC4 (yes, really!) all the way to Fedora 9. My system is an X86_64 dual-core Intel box with 8GB of memory and it seems to run so much faster with a smaller memory footprint under F9. Thanks to all the Fedora developers! My problem is that after the upgrades I was getting all sorts of SELinux errors (from practically every application), so I figured that I would go ahead and relabel the filesystems. After the relabel, I was still getting dozens of errors per second, so I changed SELinux to Permissive mode (via /etc/selinux/config), rebooted and the system is now working. However, I would like to get SELinux to work in Enforcing mode. I have the following SELinux related packages installed: # yum list all selinux* Installed Packages selinux-doc.noarch 1.26-1.1 installed selinux-policy.noarch 3.3.1-55.fc9 installed selinux-policy-targeted.noarch 3.3.1-55.fc9 installed Available Packages selinux-policy-devel.noarch 3.3.1-55.fc9 updates selinux-policy-mls.noarch 3.3.1-55.fc9 updates These are the types of errors I was seeing: Jun 3 02:42:12 satyr kernel: type=1400 audit(1212486109.144:12): avc: denied { getattr } for pid=1495 comm="restorecon" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem Jun 3 02:42:12 satyr kernel: type=1400 audit(1212486109.316:13): avc: denied { getattr } for pid=1503 comm="dmsetup" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:lvm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem Jun 3 02:42:12 satyr kernel: type=1400 audit(1212486109.934:14): avc: denied { getattr } for pid=1513 comm="fsck" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem Jun 3 02:42:12 satyr kernel: type=1400 audit(1212486110.804:15): avc: denied { getattr } for pid=1519 comm="mount" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem Jun 3 02:42:12 satyr kernel: type=1400 audit(1212486112.460:16): avc: denied { getattr } for pid=1564 comm="swapon" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem Jun 3 02:42:13 satyr kernel: type=1400 audit(1212486124.825:21): avc: denied { getattr } for pid=1907 comm="restorecond" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:restorecond_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem Jun 3 02:42:13 satyr kernel: type=1400 audit(1212486125.516:22): avc: denied { getattr } for pid=2015 comm="iptables" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=filesystem Jun 3 02:42:13 satyr kernel: type=1400 audit(1212486127.411:23): avc: denied { getattr } for pid=2888 comm="mcstransd" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem Jun 3 02:43:58 satyr dbus: avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=4598 scontext=user_u:system_r:update_modules_t:s0 tcontext=user_u:system_r:update_modules_t:s0 tclass=dbus Jun 3 02:43:59 satyr dbus: avc: denied { acquire_svc } for service=org.kde.klauncher spid=4608 scontext=user_u:system_r:update_modules_t:s0 tcontext=user_u:system_r:update_modules_t:s0 tclass=dbus Any help in getting this working would be very appreciated! Thanks. ---Kayvan -- Kayvan A. Sylvan | Proud husband of | Father to my kids: Sylvan Associates, Inc. | Laura Isabella Sylvan, | Katherine Yelena (8/8/89) http://sylvan.com/~kayvan | my beautiful Queen. | Robin Gregory (2/28/92) -- fedora-selinux-list mailing list fedora-selinux-list(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

You might need to check your user database semanage user -l semanage login -l

Carlos Chavez wrote: > Hello everyone. > > the HTTP server don't start on boot, it send the following message sort > of, > it was difficult to copy because it showed only in the start up process > and > no log messages in any log file. > > Message: Address Family for Hostname not supported: (EAI 9) alloc_listener > failed to setup sockaddr for 127.0.0.1. > That is the message sort of. > > This happen when i setup the option Listen 127.0.0.1:80, when i start > manually the httpd server start successfully, but not on boot. > > It say too that there is an syntax error in the line where is the sentence > Listen, but if i run the syntax check the HTTP said the syntax is OK. > > I'm using fedora 9 with the latest updates. > selinux 3.3.1-55 > httpd 2.2.8-3 > kernel 2.6.25.3-18 > My wild guess at the cause of this would be that NetworkManager hasn't started the network at the time the httpd initscript runs. Are there any indications in the logs (such as avc denials) that this is an selinux issue? Paul.

On Tue, 2008-06-03 at 05:46 -0600, Carlos Chavez wrote: > Hi Paul. > > No, there is no avc denials error messages or other selinux related > error messages in the logs. > The error messages that i post is showed only in the start up process > but no other messages is send to any log file. > > What i did in order to associated the error to selinux was stoped > selinux, when i stop selinux and restart the PC the httpd start with > no problems at boot time. > > I'm not sure about the NetworkManager in the logs it seems that load > correctly at boot time and set the network parameter as soon as the > process start, no delay for that. > > I have configure the ntpd to synchronize the date/time and this works > fine, this need the network device setup, so i think the > NetworkManager works too. Are you sure you are looking in the right place for those selinux denial messages? look for 'denied' in /var/log/messages and look at the output of ausearch -m AVC -Eric

Hi Eric. I think so. cat /var/log/messages | grep denied cat /var/log/messages | grep avc any command show no output and ausearch -m AVC show this: ---- time->Tue Jun 3 23:39:03 2008 type=SYSCALL msg=audit(1212557943.344:16): arch=40000003 syscall=11 success=yes exit=0 a0=9872498 a1=9870c50 a2=9870af0 a3=0 items=0 ppid=2878 pid=2879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null) type=AVC msg=audit(1212557943.344:16): avc: denied { read write } for pid=2879 comm="NetworkManager" path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.data" dev=dm-0 ino=8356254 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file type=AVC msg=audit(1212557943.344:16): avc: denied { read write } for pid=2879 comm="NetworkManager" path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.index" dev=dm-0 ino=8356253 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file that messages was when a restart the NetworkManager as root on a shell. Cheers. Carlos Chávez.