Recent SEL problems on FC3 box - named & dhcpd

Ruth Ivimey-Cook Ruth.Ivimey-Cook at ivimey.org
Tue Mar 22 21:09:29 UTC 2005


On Tue, 2005-03-22 at 10:48 -0500, Stephen Smalley wrote:
> This suggests that your filesystem isn't labeled.  Touch /.autorelabel
> and reboot, or manually boot single-user and run /sbin/fixfiles relabel.

I've done that, and it does seem to have fixed the problems with named
and dhcpd. At least, there are no more avc messages.

However, it seems to have disabled my web server. I guess this is
because I'm strange and prefer the web root to be /web, not /var/www.

I have tried adding lines (below) into apache.fc and then running 'make'
in src/policy, but it didn't help.

HOME_DIR/((www)|(web)|(public_html))(/.+)?  system_u:object_r:httpd_ROLE_content_t
/web(/.*)?                      system_u:object_r:httpd_sys_content_t
/web/cgi-bin(/.*)?              system_u:object_r:httpd_sys_script_exec_t
/var/www(/.*)?                  system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(/.*)?          system_u:object_r:httpd_sys_script_exec_t


I later tried adding the audit2allow lines to apache.te and running
make, but that failed too.

allow httpd_t default_t:dir { getattr search };
allow httpd_t default_t:file { getattr read };
allow httpd_t default_t:lnk_file read;


What am I doing wrong?

Ruth

-- 
Ruth Ivimey-Cook <ruth at ivimey.org>
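
As an added illustration (not part of the original message, and not the policy's own tooling), here is a simplified Python model of how file-context entries like the ones quoted above map a path to a label. The catch-all `/.*` entry mapping to default_t is an assumption standing in for the rest of the policy, the HOME_DIR template line is left out, and "last matching entry wins" is a simplification of how a specification is chosen.

```python
import re

# Constructed stand-in for the policy's catch-all entry (assumption).
BASE_FC = """
/.*                     system_u:object_r:default_t
"""

# The /web and /var/www entries from the post, one entry per line.
POSTED_FC = """
/web(/.*)?              system_u:object_r:httpd_sys_content_t
/web/cgi-bin(/.*)?      system_u:object_r:httpd_sys_script_exec_t
/var/www(/.*)?          system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(/.*)?  system_u:object_r:httpd_sys_script_exec_t
"""

# Constructed sample paths for the check below.
SAMPLE_PATHS = ["/web", "/web/index.html", "/web/cgi-bin/form.cgi",
                "/var/www/html/index.html"]

def parse_fc(text):
    """Parse 'regex [file-type] context' lines into (compiled_regex, context)."""
    specs = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only or incomplete line
        specs.append((re.compile(fields[0]), fields[-1]))
    return specs

def lookup(specs, path):
    """Simplified model: the regex must match the whole path; last match wins."""
    context = None
    for regex, ctx in specs:
        if regex.fullmatch(path):
            context = ctx
    return context

def selinux_type(context):
    """Return the type field of a user:role:type context, or None."""
    return context.split(":")[2] if context else None

def still_default(specs, paths):
    """Paths that would be labelled default_t, the type named in the allow rules."""
    return [p for p in paths if selinux_type(lookup(specs, p)) == "default_t"]

if __name__ == "__main__":
    for name, fc in (("base only", BASE_FC), ("base + posted", BASE_FC + POSTED_FC)):
        specs = parse_fc(fc)
        for path in SAMPLE_PATHS:
            print(f"{name:14} {path:28} {lookup(specs, path)}")
```

These entries only determine the label that a relabel would assign; files already on disk keep their current type until they are relabelled.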



