Bug 180482
Summary: | Cacti does not work with targeted policy (apache) | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mike McGrath <imlinux> |
Component: | selinux-policy-targeted | Assignee: | James Antill <james.antill> |
Status: | CLOSED NEXTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-07-24 02:38:46 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Mike McGrath
2006-02-08 15:27:47 UTC
Does it work with chcon -R -t httpd_log_t /var/log/cacti/ chcon --R -t httpd_var_lib_t /var/lib/cacti/rra/ The logs seem to work now (can be read) but rra doesn't seem to work. I assume you wanted -R instead of --R. Here's the audit logs: type=AVC msg=audit(1139522179.714:56): avc: denied { search } for pid=2851 comm="rrdtool" name="rra" dev=hda2 ino=5505259 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:httpd_var_lib_t tclass=dir type=SYSCALL msg=audit(1139522179.714:56): arch=40000003 syscall=5 success=no exit=-13 a0=805f048 a1=0 a2=1b6 a3=805d660 items=1 pid=2851 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="rrdtool" exe="/usr/bin/rrdtool" type=CWD msg=audit(1139522179.714:56): cwd="/usr/share/cacti" type=PATH msg=audit(1139522179.714:56): item=0 name="/usr/share/cacti/rra/localhost_traffic_in_18.rrd" flags=101 inode=5505259 dev=03:02 mode=040755 ouid=101 ogid=0 rdev=00:00 type=AVC msg=audit(1139522179.770:57): avc: denied { search } for pid=2852 comm="rrdtool" name="rra" dev=hda2 ino=5505259 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:httpd_var_lib_t tclass=dir type=SYSCALL msg=audit(1139522179.770:57): arch=40000003 syscall=5 success=no exit=-13 a0=9682cd8 a1=0 a2=1b6 a3=9683c80 items=1 pid=2852 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="rrdtool" exe="/usr/bin/rrdtool" type=CWD msg=audit(1139522179.770:57): cwd="/usr/share/cacti" type=PATH msg=audit(1139522179.770:57): item=0 name="/usr/share/cacti/rra/localhost_proc_7.rrd" flags=101 inode=5505259 dev=03:02 mode=040755 ouid=101 ogid=0 rdev=00:00 Ok lets go back to chcon -R -t httpd_sys_content_t /var/lib/cacti/rra/ Updated in 2.2.19-2 Sorry, haven't had time to test this, I'll try to do it this weekend or early next week. Sorry this is long overdue. This has corrected the issues cacti was having. |