policy issue with munin

Alex mysqlstudent at gmail.com
Sun Apr 3 17:29:00 UTC 2011


Hi,

I'm having trouble with Munin on a Fedora 14 box and basic auth through
Apache. Included below is the SELinux report I receive when trying to
log in. I have another installation where this same setup isn't a
problem, so I'm not sure why it would be a problem here. I've followed
the suggestions provided below to create a local policy, yet the
problem continues.

How can I troubleshoot this? Included below is the report that I received.

SELinux is preventing /usr/sbin/httpd from open access on the file
/etc/munin/htpasswd.users.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that httpd should be allowed open access on the
htpasswd.users file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:httpd_t:s0
Target Context                system_u:object_r:munin_etc_t:s0
Target Objects                /etc/munin/htpasswd.users [ file ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          <Unknown>
Host                          gary
Source RPM Packages           httpd-2.2.17-1.fc14
Target RPM Packages
Policy RPM                    selinux-policy-3.9.7-37.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     gary
Platform                      Linux alex 2.6.35.11-83.fc14.x86_64 #1 SMP Mon Feb
                              7 07:06:44 UTC 2011 x86_64 x86_64
Alert Count                   9
First Seen                    Sun 03 Apr 2011 12:39:10 PM EDT
Last Seen                     Sun 03 Apr 2011 12:39:20 PM EDT
Local ID                      31e62e21-19a8-44af-9555-5be1e0f704b4

Raw Audit Messages
type=AVC msg=audit(1301848760.437:29563): avc:  denied  { open } for
pid=1396 comm="httpd" name="htpasswd.users" dev=sda1 ino=3543833
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:munin_etc_t:s0 tclass=file


type=SYSCALL msg=audit(1301848760.437:29563): arch=x86_64 syscall=open
success=no exit=EACCES a0=7f24438bde48 a1=80000 a2=1b6 a3=33 items=0
ppid=1391 pid=1396 auid=4294967295 uid=48 gid=48 euid=48 suid=48
fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd
exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: httpd,httpd_t,munin_etc_t,file,open

audit2allow

#============= httpd_t ==============
allow httpd_t munin_etc_t:file open;

audit2allow -R

#============= httpd_t ==============
allow httpd_t munin_etc_t:file open;
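
How the raw AVC record in the report above maps to the rule that audit2allow printed, as an added example that is not part of the original post and is not audit2allow's own code: a minimal parser that unwraps the record, takes the type field of each context, and merges denied permissions per (source type, target type, class). The function names are hypothetical.

```python
import re
from collections import defaultdict

# The AVC record from the report above, line-wrapped as it was in the e-mail.
SAMPLE = """\
type=AVC msg=audit(1301848760.437:29563): avc:  denied  { open } for
pid=1396 comm="httpd" name="htpasswd.users" dev=sda1 ino=3543833
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:munin_etc_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+).*?tcontext=(?P<tcon>\S+).*?tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type, the third field of user:role:type:level."""
    return context.split(":")[2]


def parse_avc(text):
    """Yield (source_type, target_type, tclass, perms) for each AVC denial."""
    # Split where a new AVC record starts, then undo the mail line wrapping.
    for record in re.split(r"(?=type=AVC )", text):
        match = AVC_RE.search(" ".join(record.split()))
        if match:
            yield (context_type(match["scon"]), context_type(match["tcon"]),
                   match["tclass"], frozenset(match["perms"].split()))


def allow_rules(text):
    """Merge denials into allow rules, one per (source, target, class)."""
    merged = defaultdict(set)
    for source, target, tclass, perms in parse_avc(text):
        merged[(source, target, tclass)] |= perms
    rules = []
    for (source, target, tclass), perms in sorted(merged.items()):
        names = sorted(perms)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {source} {target}:{tclass} {body};")
    return rules


if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE)))
```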

