Help with messed up F11 SELinux
Steve Blackwell
zephod at cfl.rr.com
Thu Apr 29 17:39:01 UTC 2010
On Wed, 28 Apr 2010 13:27:58 -0400
Daniel J Walsh <dwalsh at redhat.com> wrote:
> > Now I can connect to the server but I get a different AVC:
> >
> > Raw Audit Messages :
> > node=steve.blackwell type=AVC msg=audit(1272391254.10:349): avc:
> > denied { read } for pid=406 comm="perl5.10.0" name="disk" dev=dm-0
> > ino=32931842 scontext=system_u:system_r:httpd_t:s0
> > tcontext=system_u:object_r:mnt_t:s0 tclass=lnk_file
> >
> > node=steve.blackwell type=SYSCALL msg=audit(1272391254.10:349):
> > arch=40000003 syscall=195 success=no exit=-13 a0=8d02824 a1=8b8e0c0
> > a2=4fbff4 a3=8b8e008 items=0 ppid=2033 pid=406 auid=4294967295
> > uid=48 gid=48 euid=495 suid=495 fsuid=495 egid=48 sgid=48 fsgid=48
> > tty=(none) ses=4294967295 comm="perl5.10.0"
> > exe="/usr/bin/perl5.10.0" subj=system_u:system_r:httpd_t:s0
> > key=(null)
> >
> > disk is a link to an external USB drive where I keep the backups
> >
> > [root at steve ~]# ls -lZ /media
> > drwxr-xr-x. root root system_u:object_r:mnt_t:s0
> > <the USB disk UUID>
> > lrwxrwxrwx. root root system_u:object_r:mnt_t:s0 disk ->
> > <the USB disk UUID>
> >
> > So do I need to relabel the disk httpd_sys_content_t next?
> You could use something like
> mount -o context="system_u:object_r:httpd_sys_content_t:s0"
>
> Which will tell mount to mount your disk with this label.
I'm sure that would work but the disk is mounted by the automounter and
I'd have to dig into that to figure out where to put those options.
I went ahead and relabeled and it seems to be working. Now I just have
to solve the issues I was having with BackupPC when I was running in
permissive mode.
Thanks,
Steve
More information about the selinux
mailing list