Bug 229150 - avc errors for httpd on init level change
Summary: avc errors for httpd on init level change
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 6
Hardware: i686
OS: Linux
medium
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-18 19:10 UTC by Christopher Beland
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2007-02-20 20:21:16 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
avc errors (3.00 KB, text/plain)
2007-02-18 19:10 UTC, Christopher Beland
no flags Details

Description Christopher Beland 2007-02-18 19:10:04 UTC
Description of problem:

I booted into runlevel 1, then hit CTRL-d to change into runlevel 5.  I got a
lot of avc errors (attached).

These names refer to files in a tree of custom Perl libraries that would be
loaded on httpd start for mod_perl.

RPM versions:
kernel-2.6.19-1.2895.fc6
selinux-policy-2.4.6-37.fc6
selinux-policy-targeted-2.4.6-37.fc6

SELinux is set to "Permissive" in system-config-securitylevel, and I haven't
changed the other settings there.

Comment 1 Christopher Beland 2007-02-18 19:10:04 UTC
Created attachment 148299 [details]
avc errors

Comment 2 Christopher Beland 2007-02-18 19:13:04 UTC
I should add that I ran "rmmod bcm43xx" while in init level 1.

Comment 3 Daniel Walsh 2007-02-20 20:19:15 UTC
These avc indicate apache is trying to read files labeled user_home_t.  Either
it is reading off your home directory or you moved (mv) files off your home
directory and now they are labeled incorrectly.

Similarly it is trying to read a file named session_data which is labeled tmp_t,
which httpd is not allowed to read.

You need to change the file context on these files/directories to some thing
httpd is allowed to use (httpd_sys_content_t)

If you want httpd to run on port 81 you need to tell selinux about it

semanage port -a -t http_port_t -p tcp 81



Note You need to log in before you can comment on or make changes to this bug.