Abnormal Apache behavior.

Colin Walters walters at redhat.com
Wed Jul 6 02:47:15 UTC 2005


On Wed, 2005-07-06 at 02:43 +0200, Stefan Held wrote:
> Hi guys. 
> 
> Dunno if this is not new to you, but I am experiencing a strange
> behavior of the Apache in FC4 with SELinux enabled.
> 
> Ok. What have I done? 
> 
> First I wrote some PHP stuff and was wondering why the Server did not
> allow to get some files in /css and does not allow to connect via a
> network socket to the postgresql server.

Did you have a look at this guide?

http://fedora.redhat.com/docs/selinux-apache-fc3/

It needs to be updated for FC4, but should be helpful nonetheless.

> Then I restarted the Server with apachectl stop and apachectl start.
> From now on everything worked fine and like expected.

The reason I believe is because apachectl restarts the Apache httpd
daemon on its own.  The way the Fedora targeted policy works for daemons
is that they are only confined when executed via the /etc/init.d/*
scripts, so when apachectl executes httpd it stays in unconfined_t.

This is to prevent issues such as the system administrator executing
"httpd -t" and causing a domain transition to httpd_t which isn't
allowed access to the administrator's terminal.

Probably we shouldn't ship the apachectl command in Fedora, instead
requiring using "service httpd restart".
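
A check for the situation described in the reply above, as an added example that is not part of the original message: the function reads `ps -eZ`-style output and lists every httpd process whose SELinux type is not httpd_t. The function names and both sample process listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag httpd processes that are not confined to httpd_t.
# Input : `ps -eZ`-style lines (LABEL PID TTY TIME CMD) on stdin.
# Output: one "PID TYPE" line per httpd process outside httpd_t.
# Status: 0 = all httpd processes confined, 1 = at least one is not,
#         2 = no httpd process seen.
unconfined_httpd() {
    awk '
        NR == 1 && $1 == "LABEL" { next }       # skip the ps header line
        $NF == "httpd" {
            seen = 1
            # A context is user:role:type[:level]; the type is field 3.
            n = split($1, ctx, ":")
            dom = (n >= 3) ? ctx[3] : "unlabeled"
            if (dom != "httpd_t") { print $2, dom; bad = 1 }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample: httpd started through /etc/init.d/httpd (confined).
sample_initd() { cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t            1 ?        00:00:01 init
root:system_r:httpd_t            2301 ?        00:00:00 httpd
system_u:system_r:httpd_t:s0     2304 ?        00:00:00 httpd
EOF
}

# Constructed sample: httpd started by apachectl from a root shell.
sample_apachectl() { cat <<'EOF'
LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t            1 ?        00:00:01 init
root:system_r:unconfined_t       2456 ?        00:00:00 httpd
root:system_r:unconfined_t       2457 ?        00:00:00 httpd
EOF
}

# Demo on the constructed data; on a live host use: ps -eZ | unconfined_httpd
sample_apachectl | unconfined_httpd || echo "httpd is running outside httpd_t"
```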





More information about the fedora-selinux-list mailing list