selinux and ASP for Linux

Jason Dravet dravet at calumet.purdue.edu
Thu Mar 3 19:09:00 UTC 2005


Here is what I have come up with so far to get ASP for Linux to work:

chcon -R -h -t httpd_sys_content_t /opt/casp/INSTALL/
chcon -h -t httpd_sys_content_t /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/*.so
restorecon /opt/casp/server/lib/linux2_i686_optimized/*

I tried a 
chcon -R -h -t httpd_sys_script_t /opt/casp/INSTALL
and I get Permission denied

I also tried the chcon -R -h -t httpd_t /opt/casp/INSTALL
and again I get Permission denied

I did a restorecon on
/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/*.so
but that gave me
Mar 1 19:48:26 cisit6 httpd: Cannot load /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_casp2.so into server: /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/mod_casp2.so: failed to map segment from shared object: Permission denied

While the three commands at the top get things to work I get the following
in my /var/log/messages:

Mar  3 13:06:29 cisit6 kernel: audit(1109876789.001:0): avc:  denied  { read } for  pid=9976 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl path=/proc/5896/cmdline dev=proc ino=386400268 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:unconfined_t tclass=file
Mar  3 13:06:29 cisit6 kernel: audit(1109876789.001:0): avc:  denied  { read write } for  pid=9976 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl path=socket:[42392] dev=sockfs ino=42392 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:unconfined_t tclass=tcp_socket
Mar  3 13:06:29 cisit6 kernel: audit(1109876789.001:0): avc:  denied  { read write } for  pid=9976 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl path=/tmp/.pm-chili-psm dev=dm-0 ino=48581 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:tmp_t tclass=file
Mar  3 13:06:29 cisit6 kernel: audit(1109876789.002:0): avc:  denied  { read write } for  pid=9976 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl path=/tmp/.casp5101/.pm-chili-psm dev=dm-0 ino=81192 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:tmp_t tclass=file
Mar  3 13:06:29 cisit6 kernel: audit(1109876789.002:0): avc:  denied  { read write } for  pid=9976 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl path=socket:[43453] dev=sockfs ino=43453 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:unconfined_t tclass=tcp_socket
Mar  3 13:06:29 cisit6 kernel: audit(1109876789.002:0): avc:  denied  { read write } for  pid=9976 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl path=socket:[43465] dev=sockfs ino=43465 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:unconfined_t tclass=tcp_socket
Mar  3 13:06:29 cisit6 kernel: audit(1109876789.006:0): avc:  denied  { execute } for  pid=9976 path=/usr/lib/locale/locale-archive dev=dm-0 ino=263488 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:locale_t tclass=file
Mar  3 13:06:29 cisit6 kernel: audit(1109876789.007:0): avc:  denied  { execute } for  pid=9976 path=/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION dev=dm-0 ino=261166 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:locale_t tclass=file


Is there any good documentation for selinux that I can read to try to figure
out how to fix the above?  Something that can explain what the messages mean.

Thanks,

Jason
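
[Added example, not part of the original post.] The avc: denied lines quoted above all follow one layout: the denied permissions in braces, then key=value fields giving the process (scontext), the object (tcontext) and the object class (tclass). The Python sketch below parses that layout and groups the denials; the function names are hypothetical, the sample lines are copied from the message with the line wraps removed, and it assumes no field value contains a space.

```python
import re
from collections import defaultdict

# Four denials copied from the message above, each unwrapped onto one line.
SAMPLE_LOG = """\
Mar  3 13:06:29 cisit6 kernel: audit(1109876789.001:0): avc:  denied  { read } for  pid=9976 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl path=/proc/5896/cmdline dev=proc ino=386400268 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:unconfined_t tclass=file
Mar  3 13:06:29 cisit6 kernel: audit(1109876789.001:0): avc:  denied  { read write } for  pid=9976 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl path=socket:[42392] dev=sockfs ino=42392 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:unconfined_t tclass=tcp_socket
Mar  3 13:06:29 cisit6 kernel: audit(1109876789.001:0): avc:  denied  { read write } for  pid=9976 exe=/opt/casp/tools/bin/linux2_i686/perl5/bin/perl path=/tmp/.pm-chili-psm dev=dm-0 ino=48581 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:tmp_t tclass=file
Mar  3 13:06:29 cisit6 kernel: audit(1109876789.006:0): avc:  denied  { execute } for  pid=9976 path=/usr/lib/locale/locale-archive dev=dm-0 ino=263488 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:locale_t tclass=file
"""

# "{ perms } for key=value key=value ..." as it appears in the kernel log.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")

def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    if not fields.keys() >= {"scontext", "tcontext", "tclass"}:
        return None
    return {
        "perms": m.group("perms").split(),
        # A context is user:role:type; the type is what the policy rules match on.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "path": fields.get("path", ""),
    }

def summarize(log_text):
    """Map (source type, target type, class) to the set of denied permissions."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source_type"], rec["target_type"], rec["tclass"])
            summary[key].update(rec["perms"])
    return dict(summary)

def explain(log_text):
    """One readable sentence per distinct group of denials."""
    return [f"domain {s} was denied {{ {' '.join(sorted(p))} }} on {c} objects labeled {t}"
            for (s, t, c), p in sorted(summarize(log_text).items())]

if __name__ == "__main__":
    print("\n".join(explain(SAMPLE_LOG)))
```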



