229150 – avc errors for httpd on init level change

Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.

Bug 229150 - avc errors for httpd on init level change

Summary: avc errors for httpd on init level change

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy-targeted
Sub Component:
Version:	6
Hardware:	i686
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-02-18 19:10 UTC by Christopher Beland
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-02-20 20:21:16 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
avc errors (3.00 KB, text/plain) 2007-02-18 19:10 UTC, Christopher Beland	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description Christopher Beland 2007-02-18 19:10:04 UTC

Description of problem:

I booted into runlevel 1, then hit CTRL-d to change into runlevel 5.  I got a
lot of avc errors (attached).

These names refer to files in a tree of custom Perl libraries that would be
loaded on httpd start for mod_perl.

RPM versions:
kernel-2.6.19-1.2895.fc6
selinux-policy-2.4.6-37.fc6
selinux-policy-targeted-2.4.6-37.fc6

SELinux is set to "Permissive" in system-config-securitylevel, and I haven't
changed the other settings there.

Comment 1 Christopher Beland 2007-02-18 19:10:04 UTC

Created attachment 148299 [details]
avc errors

Comment 2 Christopher Beland 2007-02-18 19:13:04 UTC

I should add that I ran "rmmod bcm43xx" while in init level 1.

Comment 3 Daniel Walsh 2007-02-20 20:19:15 UTC

These avc indicate apache is trying to read files labeled user_home_t.  Either
it is reading off your home directory or you moved (mv) files off your home
directory and now they are labeled incorrectly.

Similarly it is trying to read a file named session_data which is labeled tmp_t,
which httpd is not allowed to read.

You need to change the file context on these files/directories to some thing
httpd is allowed to use (httpd_sys_content_t)

If you want httpd to run on port 81 you need to tell selinux about it

semanage port -a -t http_port_t -p tcp 81

Note You need to log in before you can comment on or make changes to this bug.