selinux blocking ganglia-web
Kevin H. Hobbs
hobbsk at ohio.edu
Mon Oct 1 11:02:48 UTC 2012
On 09/29/2012 06:59 AM, Daniel J Walsh wrote:
>
> Sometimes those reports are worth reading...
>
Yes, yes they are.
I should have piped it to less.
The specific solution was at the top where it's the first thing
the reader sees in a pager like less or in the GUI selinux
debugger. This is the correct placement.
I missed the specific solution the first time I read the message
because I read from bottom to top as I scrolled backwards through
my terminal output where I saw first a description of how to let
httpd make arbitrary connections (bad), followed by some very
general information about the selinux alert itself, where I
stopped reading.
Google was _very_ unhelpful on the subject of selinux, ganglia,
and httpd. All I got were recommendations for some cluster suit
that selinux had to be disabled entirely (it does not.)
Dear Google,
The command :
semanage port -a -t http_port_t -p tcp 8652
allows httpd to talk to ganglia's gmetad despite the selinux
restriction on httpd making arbitrary connections.
I misspelled gmetad in the earlier message.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20121001/27da9141/attachment.sig>
More information about the users
mailing list