Re: changes from fedora 7 to 9

[Paul Howarth <paul city-fan org>]

On Thu, 4 Sep 2008 20:07:10 -0700
"Robert J. Carr" <rjcarr gmail com> wrote:

> Hopefully this is a quick question to those that know SELinux more
> than I do, which wouldn't be very hard to accomplish.
> 
> I'm migrating a (working) environment from one server running Fedora 7
> to another running Fedora 9.  After pulling my hair out for most of
> the day I've found out the problem is with SELinux because when I
> turned it off temporarily everything worked fine.
> 
> Not to get into too much detail, but my problem came from apache not
> being able to access a file (although the error isn't quite that
> clear).  Between the working environment and the non-working
> environment I can only see a couple differences in the selinux config
> files in /etc, but these have never been touched in either instance.
> 
> The context labels are a bit different too.  The working environment
> has these selinux context labels:
> 
>   user_u:object_r:httpd_sys_content_t
> 
> But the non-working environment has these context labels:
> 
>   unconfined_u:object_r:httpd_sys_content_t:s0
> 
> It seems to get an extra field and the user changes to unconfined.  Is
> this relevant?
> 
> There is nothing else that I can find different, is there anything
> else that could be the problem?
> 
> Any advice would be greatly appreciated.

You need to find the actual SELinux denials that are happening and post
them. They'll be in /var/log/audit/audit.log if you're running the
audit daemon, and /var/log/messages of you're not.

Paul.