Request Tracker 3

Colin Walters walters at redhat.com
Mon Jan 31 17:12:48 UTC 2005


On Sun, 2005-01-30 at 20:06 -0500, Kanwar Ranbir Sandhu wrote:
> Hello Everyone,
> 
> Has anyone attempted to run RT3 (3.2.2) on a FC3 system?  I'm running
> into a bunch of selinux errors, and I'm having problems resolving the
> issue: I'm just not very familiar with selinux.

Have you seen the Fedora Apache/SELinux guide?
http://fedora.redhat.com/docs/selinux-apache-fc3/

> avc:  denied  { getattr } for  pid=681 exe=/usr/bin/perl path=/var/log
> dev=dm-5 ino=129025 scontext=root:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_log_t tclass=dir

Hmm.  Given that we allow access to httpd_log_t which is in the default
configuration a subdirectory of var_log_t, I'm surprised that this
access is not allowed.  Ideally though the app should not need this.

> avc:  denied  { ioctl } for  pid=693 exe=/usr/bin/perl
> path=/var/log/httpd/error_log dev=dm-5 ino=129070
> scontext=root:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:httpd_log_t tclass=file

This one is probably harmless; I think perl does an ioctl even on
regular files in many situations (to find out whether it's a tty?).

> avc:  denied  { read } for  pid=693 exe=/usr/bin/perl name=tmp dev=dm-3
> ino=12 scontext=root:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:tmp_t tclass=lnk_file

Is this /usr/tmp?  Try running "chcon -h -t usr_t /usr/tmp".  This is a
bug in our policy package because it doesn't presently ensure that it's
relabeled on upgrades.





More information about the fedora-selinux-list mailing list
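An added example, not part of the original post or of any Fedora tool: a small triage script that takes the three denials as they appear quoted in the mail (wrapped and prefixed with "> "), rejoins them, and groups them by source type, target type and object class. The helper names `unwrap`, `parse_avc` and `summarize` are hypothetical, and the parser assumes the `user:role:type` context format shown in the messages.

```python
import re
from collections import defaultdict
# The three denials copied from the quoted mail above, still wrapped and ">"-quoted.
QUOTED = """\
> avc:  denied  { getattr } for  pid=681 exe=/usr/bin/perl path=/var/log
> dev=dm-5 ino=129025 scontext=root:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:var_log_t tclass=dir
> avc:  denied  { ioctl } for  pid=693 exe=/usr/bin/perl
> path=/var/log/httpd/error_log dev=dm-5 ino=129070
> scontext=root:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:httpd_log_t tclass=file
> avc:  denied  { read } for  pid=693 exe=/usr/bin/perl name=tmp dev=dm-3
> ino=12 scontext=root:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:tmp_t tclass=lnk_file"""
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def unwrap(text):
    """Strip mail quoting and rejoin records that the mailer wrapped."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if line.startswith("avc:"):
            records.append(line)          # start of a new denial
        elif line and records:
            records[-1] += " " + line     # continuation of the previous one
    return records

def parse_avc(record):
    """Parse one denial into a dict, or None. Assumes no spaces inside values."""
    m = AVC_RE.search(record)
    if not m:
        return None
    rec = dict(f.split("=", 1) for f in m.group(2).split() if "=" in f)
    rec["perms"] = m.group(1).split()
    for key in ("scontext", "tcontext"):
        parts = rec.get(key, "").split(":")
        if len(parts) < 3:                # contexts here are user:role:type
            return None
        rec[key[0] + "type"] = parts[2]   # stored as "stype" / "ttype"
    return rec

def summarize(text):
    """Group denials by (source type, target type, class)."""
    out = defaultdict(lambda: {"perms": set(), "objects": set()})
    for rec in filter(None, map(parse_avc, unwrap(text))):
        entry = out[(rec["stype"], rec["ttype"], rec.get("tclass", "?"))]
        entry["perms"].update(rec["perms"])
        entry["objects"].add(rec.get("path") or rec.get("name", "?"))
    return dict(out)
```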