Re: Advice needed on SELinux policy
From: Mouse (urimobile_at_optonline.net)
Date: 05/30/05
- Next message: Martin Vaeth: "Re: How to log all commands?"
- Previous message: Dragan Cvetkovic: "Re: How to log all commands?"
- In reply to: nick4soup_at_yahoo.com.au: "Advice needed on SELinux policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 30 May 2005 16:43:20 -0400
to keep this short and sweet - just run "audit2allow -v -l <
/var/log/messages > audit.out". The output contains the rule you need to
add to
/etc/selinux/targeted/src/policy/domains/misc/custom.te file. After
that, "make policy install load" should save your day.
nick4soup@yahoo.com.au wrote:
>Hi,
>
>The basic problem I have is that I cannot run a PHP script that
>connects to a MySQL database, when I browse the URL. I have figured
>out that this is because of SELinux, refer pertinent log message below.
>
> /var/log/messages:
> May 23 05:54:22 jervois kernel: audit(1116791662.840:0): avc:
>denied { write } for pid=1755 exe=/usr/sbin/httpd name=mysql.sock
>dev=dm-0 ino=262316 scontext=user_u:system_r:httpd_t
>tcontext=user_u:object_r:var_lib_t tclass=sock_file
>
>I'm running the targeted policy, version 18 in enforcing mode. Is
>there a simple change that I can make to the policy so I can get it
>working?
>
>In the policy, I notice a httpd_php_t type (and several related ones)
>... is this meant to have something to do with it?
>
>Nick Bishop
>-----
>email replies ignored.
>-----
>BIBO = Bug In, Bug Out
>-oOo-
>
>
>
- Next message: Martin Vaeth: "Re: How to log all commands?"
- Previous message: Dragan Cvetkovic: "Re: How to log all commands?"
- In reply to: nick4soup_at_yahoo.com.au: "Advice needed on SELinux policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
