
Re: [rhelv5-list] restorecon fails for resolv.conf



On Fri, 2011-09-16 at 17:19 +0200, Rainer Traut wrote:
> Hi,
> 
> I'm testing httpd with selinux in enforcing mode.
> When starting httpd with default config I see this:
> 
> # service httpd start
> httpd starten: httpd: apr_sockaddr_info_get() failed for wwwtest.xxx
> httpd: Could not reliably determine the server's fully qualified domain 
> name, using 127.0.0.1 for ServerName [  OK]
> 
> with further investigation:
> 
> host=wwwtest.xxx type=AVC msg=audit(1316185060.545:463): avc:  denied  { 
> read } for  pid=23381 comm="httpd" name="resolv.conf" dev=sda2 
> ino=574037 scontext=user_u:system_r:httpd_t:s0 
> tcontext=system_u:object_r:file_t:s0 tclass=file
> 
> host=wwwtest.xxx type=SYSCALL msg=audit(1316185060.545:463): 
> arch=c000003e syscall=2 success=no exit=-13 a0=2ab98db308e8 a1=0 a2=1b6 
> a3=0 items=0 ppid=23380 pid=23381 auid=502 uid=0 gid=0 euid=0 suid=0 
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=23 comm="httpd" 
> exe="/usr/sbin/httpd" subj=user_u:system_r:httpd_t:s0 key=(null)
> 
> But why is restorecon failing?
> 
> # ls -Z /etc/resolv.conf
> -rw-r--r--  root root system_u:object_r:file_t         /etc/resolv.conf
> 
> # restorecon -v /etc/resolv.conf
> restorecon set context /etc/resolv.conf->system_u:object_r:net_conf_t:s0 
> failed:'Operation not permitted'

id
lsattr /etc/resolv.conf

-- 
Stephen Smalley
National Security Agency
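
An added example, not part of the thread: a Python sketch that parses the AVC record quoted above and flags a `file_t` target, which marks a file with no SELinux label on disk rather than a policy gap. It also reads one line of `lsattr` output for the immutable and append-only flags, either of which makes a relabel fail with "Operation not permitted" even for root. The function names and the `lsattr` sample line are constructed for illustration.

```python
import re

# The AVC record from the post above, rejoined onto one line.
AVC = ('host=wwwtest.xxx type=AVC msg=audit(1316185060.545:463): avc:  denied  { '
       'read } for  pid=23381 comm="httpd" name="resolv.conf" dev=sda2 '
       'ino=574037 scontext=user_u:system_r:httpd_t:s0 '
       'tcontext=system_u:object_r:file_t:s0 tclass=file')

# Constructed sample of `lsattr` output (not taken from the thread).
LSATTR_SAMPLE = '----i-------- /etc/resolv.conf'


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if it is not one."""
    m = re.search(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)', line)
    if not m:
        return None
    rec = {'perms': m.group(1).split()}
    # key=value pairs; values are either quoted strings or bare tokens.
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2)):
        rec[key] = val.strip('"')
    if 'scontext' not in rec or 'tcontext' not in rec:
        return None
    # A context is user:role:type[:level]; the type is the third field.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec


def is_unlabeled(rec):
    """True when the target type indicates a missing or invalid file label."""
    return rec['target_type'] in ('file_t', 'unlabeled_t')


def blocking_attrs(lsattr_line):
    """Return the attribute flags in an lsattr line that block setting xattrs."""
    flags = lsattr_line.split()[0]
    names = {'i': 'immutable', 'a': 'append-only'}
    return [names[f] for f in flags if f in names]


if __name__ == '__main__':
    rec = parse_avc(AVC)
    print(rec['comm'], rec['perms'], rec['name'], rec['target_type'])
    print('unlabeled target:', is_unlabeled(rec))
    print('blocking attributes:', blocking_attrs(LSATTR_SAMPLE))
```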

