SELinux and Cacti (and other webapps)
Tarek W.
mailinglists at lonecoder.net
Mon Dec 19 09:05:14 UTC 2005
A quick hack would be:
chcon -R --reference=/var/www/html /var/lib/cacti
Happy Hacking
On Mon, 2005-12-19 at 09:07 +0100, Aurelien Bompard wrote:
> Hi all,
>
> We're trying to package cacti for Fedora Extras:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175748
> and we're running into an SELinux problem. Cacti is a web frontend to
> RRDTool, an improved version of MRTG (which you might know).
> There is a script, run by cron, which create the statistics databases, and
> put them in /var/lib/cacti. The log goes into /var/log/cacti. Then, the web
> interfaces lets the user see theses statistics.
> The problem is that SELinux won't let httpd access /var/lib/cacti :
> type=AVC msg=audit(1134978797.695:45154): avc: denied { read } for
> pid=2605 comm="rrdtool" name="localhost_proc_7.rrd" dev=sda2 ino=981003
> scontext=root:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_lib_t tclass=file
>
> Httpd can't acces /var/log/cacti either.
> What should we do to make that work with SELinux ? Do we have to run chcon
> in the %post scriptlet (that sounds like an ugly hack) ? Should we move
> everything to /var/www ?
>
> Thanks for you help
>
> Aurélien
More information about the selinux
mailing list