Webdav problems in enforcing mode in Raw Hide

Nicolas Mailhot nicolas.mailhot at laposte.net
Mon Oct 31 09:14:03 UTC 2005


Hi,

I've just tested webdav in enforcing mode on Fedora Devel and it
doesn't work:


- apache needs rw access on /srv (don't know where the default dav root
should be, I put it in srv since it seems the FHS wants this kind of
stuff there)

type=AVC msg=audit(1130749513.951:3772): avc:  denied  { read } for
pid=11759 comm="httpd" name="nim" dev=dm-0 ino=1048598
scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0
tclass=dir
type=SYSCALL msg=audit(1130749513.951:3772): arch=c000003e syscall=2
success=no exit=-13 a0=5555558ca410 a1=10800 a2=5555558c7ff8
a3=5555558c58a7 items=1 pid=11759 auid=4294967295 uid=48 gid=48 euid=48
suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd"
exe="/usr/sbin/httpd"



- it also needs rw access to its default /var/lib/dav/lockdb.dir

type=AVC msg=audit(1130749738.930:3777): avc:  denied  { write } for
pid=11766 comm="httpd" name="lockdb.dir" dev=dm-0 ino=2392524
scontext=root:system_r:httpd_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1130749738.930:3777): arch=c000003e syscall=2
success=no exit=-13 a0=5555558c7580 a1=42 a2=1b6 a3=3 items=1 pid=11766
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=CWD msg=audit(1130749738.930:3777):  cwd="/"
type=PATH msg=audit(1130749738.930:3777): item=0
name="/var/lib/dav/lockdb.dir" flags=310  inode=2392223 dev=fd:00
mode=040700 ouid=48 ogid=48 rdev=00:00


On another topic I still have spamassassin procmail problems :

type=CWD msg=audit(1130749836.551:3779):  cwd="/home/nim/.maildir"
type=PATH msg=audit(1130749836.551:3779): item=0 name="/usr/bin/spamc"
flags=1  inode=3349141 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1130749839.979:3780): avc:  denied  { execute } for
pid=11852 comm="procmail" name="spamc" dev=dm-0 ino=3349141
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1130749839.979:3780): arch=c000003e syscall=59
success=no exit=-13 a0=51c1d1 a1=51c170 a2=51bfc0 a3=51c1d1 items=1
pid=11852 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="procmail" exe="/usr/bin/procmail"
type=CWD msg=audit(1130749839.979:3780):  cwd="/home/nim/.maildir"
type=PATH msg=audit(1130749839.979:3780): item=0 name="/usr/bin/spamc"
flags=101  inode=3349141 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1130749839.983:3781): avc:  denied  { getattr } for
pid=11852 comm="sh" name="spamc" dev=dm-0 ino=3349141
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1130749839.983:3781): arch=c000003e syscall=4 success=no
exit=-13 a0=6bf780 a1=7fffffefb5c0 a2=7fffffefb5c0 a3=2 items=1
pid=11852 auid=4294967295 uid=500 gid=500 euid=500 suid=500 fsuid=500
egid=500 sgid=500 fsgid=500 comm="sh" exe="/bin/bash"
type=AVC_PATH msg=audit(1130749839.983:3781):  path="/usr/bin/spamc"
type=CWD msg=audit(1130749839.983:3781):  cwd="/home/nim/.maildir"
type=PATH msg=audit(1130749839.983:3781): item=0 name="/usr/bin/spamc"
flags=1  inode=3349141 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00



Package versions :

selinux-policy-targeted-1.27.2-10
libselinux-1.27.17-1

Regards,

-- 
Nicolas Mailhot
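
The denials reported in the message above can be triaged by reducing each AVC record to its source type, target type, object class and denied permissions. The following is an added example, not part of the original message and not code from any SELinux tool; the function names `parse_denials` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: AVC records from the message above (other record types trimmed),
# still hard-wrapped; the last one is constructed with the next record fused on.
SAMPLE = """\
type=AVC msg=audit(1130749513.951:3772): avc:  denied  { read } for
pid=11759 comm="httpd" name="nim" dev=dm-0 ino=1048598
scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_t:s0
tclass=dir
type=AVC msg=audit(1130749738.930:3777): avc:  denied  { write } for
pid=11766 comm="httpd" name="lockdb.dir" dev=dm-0 ino=2392524
scontext=root:system_r:httpd_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1130749839.979:3780): avc:  denied  { execute } for
pid=11852 comm="procmail" name="spamc" dev=dm-0 ino=3349141
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=file
type=AVC msg=audit(1130749839.983:3781): avc:  denied  { getattr } for
pid=11852 comm="sh" name="spamc" dev=dm-0 ino=3349141
scontext=system_u:system_r:postfix_local_t:s0
tcontext=system_u:object_r:spamc_exec_t:s0 tclass=filetype=SYSCALL
msg=audit(1130749839.983:3781): arch=c000003e syscall=4 success=no
"""

RECORD_START = re.compile(r"(?=type=[A-Z_]+ msg=audit\()")  # zero-width split
AVC = re.compile(
    r'type=AVC msg=audit\([\d.:]+\): avc: denied \{ (?P<perms>[^}]+?) \} for '
    r'.*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\w+)')

def parse_denials(text):
    """Return one dict per AVC denial found in hard-wrapped audit text."""
    flat = " ".join(text.split())  # undo mail wrapping, collapse spacing
    denials = []
    for record in RECORD_START.split(flat):  # also separates fused records
        if m := AVC.match(record):
            denials.append({
                "comm": m["comm"], "perms": set(m["perms"].split()),
                "source": m["scon"].split(":")[2],  # type is the 3rd field
                "target": m["tcon"].split(":")[2], "tclass": m["tclass"]})
    return denials

def summarize(denials):
    """Group denied permissions by (source type, target type, class)."""
    groups = defaultdict(set)
    for d in denials:
        groups[d["source"], d["target"], d["tclass"]] |= d["perms"]
    return {key: sorted(perms) for key, perms in groups.items()}
```

`summarize(parse_denials(SAMPLE))` collapses the four records into three groups, with the two `spamc` denials merged into one entry.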