Bug 229150 - avc errors for httpd on init level change
avc errors for httpd on init level change
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
6
i686 Linux
medium Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-02-18 14:10 EST by Christopher Beland
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-20 15:21:16 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
avc errors (3.00 KB, text/plain)
2007-02-18 14:10 EST, Christopher Beland
no flags Details

  None (edit)
Description Christopher Beland 2007-02-18 14:10:04 EST
Description of problem:

I booted into runlevel 1, then hit CTRL-d to change into runlevel 5.  I got a
lot of avc errors (attached).

These names refer to files in a tree of custom Perl libraries that would be
loaded on httpd start for mod_perl.

RPM versions:
kernel-2.6.19-1.2895.fc6
selinux-policy-2.4.6-37.fc6
selinux-policy-targeted-2.4.6-37.fc6

SELinux is set to "Permissive" in system-config-securitylevel, and I haven't
changed the other settings there.
Comment 1 Christopher Beland 2007-02-18 14:10:04 EST
Created attachment 148299 [details]
avc errors
Comment 2 Christopher Beland 2007-02-18 14:13:04 EST
I should add that I ran "rmmod bcm43xx" while in init level 1.
Comment 3 Daniel Walsh 2007-02-20 15:19:15 EST
These avc indicate apache is trying to read files labeled user_home_t.  Either
it is reading off your home directory or you moved (mv) files off your home
directory and now they are labeled incorrectly.

Similarly it is trying to read a file named session_data which is labeled tmp_t,
which httpd is not allowed to read.

You need to change the file context on these files/directories to some thing
httpd is allowed to use (httpd_sys_content_t)

If you want httpd to run on port 81 you need to tell selinux about it

semanage port -a -t http_port_t -p tcp 81

Note You need to log in before you can comment on or make changes to this bug.