SELinux denies httpd access to /etc/my.cnf
Anthony Messina
amessina at messinet.com
Tue Oct 2 09:46:24 UTC 2007
I get the following in my logs, in permissive mode:
avc: denied { read } for comm="httpd" dev=sda2 egid=48 euid=48
exe="/usr/sbin/httpd" exit=32 fsgid=48 fsuid=48 gid=48 items=0 name="my.cnf"
pid=27369 scontext=root:system_r:httpd_t:s0 sgid=48
subj=root:system_r:httpd_t:s0 suid=48 tclass=file
tcontext=system_u:object_r:mysqld_etc_t:s0 tty=(none) uid=48
avc: denied { getattr } for comm="httpd" dev=sda2 egid=48 euid=48
exe="/usr/sbin/httpd" exit=0 fsgid=48 fsuid=48 gid=48 items=0 name="my.cnf"
path="/etc/my.cnf" pid=27369 scontext=root:system_r:httpd_t:s0 sgid=48
subj=root:system_r:httpd_t:s0 suid=48 tclass=file
tcontext=system_u:object_r:mysqld_etc_t:s0 tty=(none) uid=48
Should httpd be accessing this file? If so, how would I set up that
configuration? It seems that if this type of access is necessary, a boolean
would be in place.
--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20071002/85aac2c1/attachment.sig>
More information about the fedora-selinux-list
mailing list