Bug 1000736
Summary: | munin zooming doesn't work with selinux | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Peter Schiffer <pschiffe> | ||||
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 6.6 | CC: | drjohnson1, dwalsh, ingvar, mtruneck, pschiffe | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-10-30 09:46:03 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Can you run this and post the results? ls -Z /var/log/munin/ It looks like the context is not setup properly. Have you already tried restorecon? # ls -Z /var/log/munin/ -rw-r--r--. apache apache system_u:object_r:munin_log_t:s0 munin-cgi-graph.log -rw-r--r--. munin munin system_u:object_r:munin_log_t:s0 munin-graph.log -rw-r--r--. munin munin system_u:object_r:munin_log_t:s0 munin-html.log -rw-r--r--. munin munin system_u:object_r:munin_log_t:s0 munin-limits.log -rw-r--r--. munin munin system_u:object_r:munin_log_t:s0 munin-update.log # restorecon -FRvv /var/log/munin/ # I tried restorecon but it's still the same result. I also tried changing context of munin-cgi-graph.log file to httpd_log_t but that didn't help either. This is error log from apache: [Sun Aug 25 11:59:44 2013] [error] [client XXX] 2013/08/25 11:59:44 [FATAL] munin_readconfig_part(datafile) - missing file, referer: http://XXX/munin/static/dynazoom.html?cgiurl_graph=/munin-cgi/munin-cgi-graph&plugin_name=localhost/localhost/apache_processes&size_x=800&size_y=400&start_epoch=1377316503&stop_epoch=1377424503 [Sun Aug 25 11:59:44 2013] [error] [client XXX] Premature end of script headers: munin-cgi-graph, referer: http://XXX/munin/static/dynazoom.html?cgiurl_graph=/munin-cgi/munin-cgi-graph&plugin_name=localhost/localhost/apache_processes&size_x=800&size_y=400&start_epoch=1377316503&stop_epoch=1377424503 Changing to selinux-policy for a policy update. Where is munin-cgi-graph located? And how it is labeled? # ls -Z PATHTO/munin-cgi-graph # ls -Z /var/www/cgi-bin -rwxr-xr-x. root munin system_u:object_r:httpd_sys_script_exec_t:s0 munin-cgi-graph -rwxr-xr-x. root munin system_u:object_r:httpd_sys_script_exec_t:s0 munin-cgi-html We need to back port changes from Fedora. # chcon -t httpd_munin_script_exec_t /var/www/cgi-bin/munin-cgi* More fixes have been added during RHEL6.5 cycle related to munin and this bug should be fixed. If no, please re-open the bug and it will be addressed in RHEL6.6. |
Created attachment 789900 [details] audit.log Description of problem: zooming doesn't work when selinux is in enforcing mode Version-Release number of selected component (if applicable): munin-2.0.17-1.el6.noarch selinux-policy-3.7.19-195.el6_4.12.noarch selinux-policy-targeted-3.7.19-195.el6_4.12.noarch Steps to Reproduce: 1. click on munin graph to zoom in Actual results: no graph image Expected results: graph image Additional info: it works with selinux in permissive mode