[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: FC5, Apache, Bugzilla, SELinux issues



Once again, thanks to all who helped.  I have Bugzilla successfully up and running on FC5 with SELinux!

A few notes about my experiences:

My install was Bugzilla 2.22.1, which had a bug in the groups preferences page.  I grabbed the patch and after applying it the whole site went back to being broken.

I reloaded the policy and reran restorecon -rv /var/lib/bugzilla /var/www/html/bugzilla/ then all was well again.

If anyone has further questions feel free to ask.

Cheers.

R.


On 04/01/07, Steve G < linux_4ever yahoo com> wrote:

>in /var/log/messages i see a similar error to my original post:
>
>Jan  4 15:57:11 svn kernel: security:  3 users, 6 roles, 1489 types, 153 bools,
1 >sens, 256 cats
>Jan  4 15:57:11 svn kernel: security:  58 classes, 43765 rules
>Jan  4 15:57:11 svn dbus: Can't send to audit system: USER_AVC avc:  received
>policyload notice (seqno=13) : exe="?" (sauid=81, hostname=?, addr=?,
terminal=?)

These are not errors. Part of the problem is that the libselinux audit callback
API only allows a format and varargs to be passed to the logging function. This
means the logger has to assume that everything it sees is an AVC so it doesn't
miss one. I'd like to correct this API problem at some point during FC7 devel
cycle so that the message type is also passed to the logger. This way we can
properly label the audit events so that it says USER_POLICY_LOAD instead of
USER_AVC which tends to get people excited.

I also think that dbus could do a slightly better job of determining when it
should send an audit message vs simply syslogging it. The user session bus does
not have the privileges necessary to write to the audit system.

-Steve

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]