more latest selinux policy change problems
Stephen Smalley
sds at tycho.nsa.gov
Wed Jun 22 19:41:14 UTC 2005
On Tue, 2005-06-21 at 07:11 +0200, Peter Magnusson wrote:
> And how would I know what I should set the perms to get it working?
>
> Jun 21 06:27:25 sysbabe kernel: audit(1119328045.441:0): avc: denied {
> write } for pid=29609 exe=/usr/sbin/httpd name=userdb.dat dev=hda2
> ino=688180 scontext=root:system_r:httpd_t
> tcontext=system_u:object_r:httpd_sys_content_t tclass=file
> Jun 21 06:27:25 sysbabe kernel: audit(1119328045.442:0): avc: denied {
> write } for pid=29609 exe=/usr/sbin/httpd name=userdb.dat dev=hda2
> ino=688180 scontext=root:system_r:httpd_t
> tcontext=system_u:object_r:httpd_sys_content_t tclass=file
>
> is what it says. Same problem on another vhost with a counter, just other
> name= of course.
Per earlier postings on this list, have you tried:
setsebool -P httpd_builtin_scripting=1 httpd_unified=1
> Did the fedora team expect problems like this to be created with the latest
> selinux policy change or is it a surprise for you? It's fine to have it by
> default in a new release of fedora but not CHANGE it in an update.
I think it was a bug in the spec file's handling of the booleans file.
--
Stephen Smalley
National Security Agency
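
An added example, not part of the original message: a small parser for AVC denial lines in the format quoted above, which groups them by source type, target type and object class so that repeated denials collapse into one entry. The sample log is constructed from the two denials in the quoted text, and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample: the denial quoted in the message, rejoined onto one line;
# the two quoted entries differ only in the audit serial (.441 and .442).
_DENIAL = (
    "Jun 21 06:27:25 sysbabe kernel: audit(1119328045.%s:0): avc: denied { write } "
    "for pid=29609 exe=/usr/sbin/httpd name=userdb.dat dev=hda2 ino=688180 "
    "scontext=root:system_r:httpd_t tcontext=system_u:object_r:httpd_sys_content_t tclass=file"
)
SAMPLE_LOG = "\n".join(_DENIAL % serial for serial in ("441", "442"))

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one AVC denial line into a dict, or return None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "source_type": context_type(fields["scontext"]),
        "target_type": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "name": fields.get("name", "").strip('"'),
    }

def summarize(log_text):
    """Group denials by (source type, target type, class)."""
    summary = defaultdict(lambda: {"perms": set(), "names": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        entry = summary[(rec["source_type"], rec["target_type"], rec["tclass"])]
        entry["perms"].update(rec["perms"])
        entry["names"].add(rec["name"])
        entry["count"] += 1
    return dict(summary)

if __name__ == "__main__":
    for (src, tgt, cls), e in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {sorted(e['perms'])} x{e['count']} {sorted(e['names'])}")
```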