
FC5, Apache, Bugzilla, SELinux issues



Greetings out there in Penguin-land!

I'm going through the rather painful process of installing Bugzilla on an SELinux FC5 box. I'm almost there now, I think; however, I'm trying to add a local policy to SELinux for allowing Apache to execute .cgi scripts, and have hit a brick wall.

When I try to hit the Bugzilla page from a browser on the network I get this:

tail -f /var/log/messages output:

kernel: audit(1167911234.610:20): avc:  denied  { execute_no_trans } for  pid=28833 comm="httpd" name=" index.cgi" dev=dm-0 ino=34931972 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file

So, following the guide in the Fedora docs (here), I generated a local.te using audit2allow -m local -l -i /var/log/messages > local.te, compiled it using checkmodule -M -m -o local.mod local.te, packaged it using semodule_package -o local.pp -m local.mod, then attempted to add it to the current running policy using semodule -i local.pp. This point is where I get stuck. I'm seeing this output when I execute the command:

tail -f /var/log/messages output:

Jan  4 11:56:13 svn kernel: security:  3 users, 6 roles, 1481 types, 152 bools, 1 sens, 256 cats
Jan  4 11:56:13 svn kernel: security:  58 classes, 43474 rules
Jan  4 11:56:13 svn dbus: Can't send to audit system: USER_AVC avc:  received policyload notice (seqno=7) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)
Jan  4 11:56:13 svn dbus: Can't send to audit system: USER_AVC avc:  0 AV entries and 0/512 buckets used, longest chain length 0 : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)
Jan  4 11:56:13 svn kernel: audit( 1167911773.820:21): policy loaded auid=4294967295

After looking around, I saw on this mailing list that this might be a bug in SELinux-Policy that was fixed in version 2.3.14-3. Yum doesn't seem to know about this newer version. Am I barking up the wrong tree?
