Description of problem: See summary + details (grep'd /var/log/audit/audit.log): type=AVC msg=audit(1311599593.375:42): avc: denied { dac_override } for pid=2239 comm="paster" capability=1 scontext=unconfined_u:system_r:piranha_web_t:s0 tcontext=unconfined_u:system_r:piranha_web_t:s0 tclass=capability type=SYSCALL msg=audit(1311599593.375:42): arch=c000003e syscall=2 success=no exit=-13 a0=25a6810 a1=241 a2=1b6 a3=0 items=0 ppid=2214 pid=2239 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="paster" exe="/usr/bin/python" subj=unconfined_u:system_r:piranha_web_t:s0 key=(null) Version-Release number of selected component (if applicable): luci-0.24.0-2.fc14.x86_64 Steps to Reproduce: 0. (luci not installed, tested with fresh installation) 1. # yum install luci 2. # service luci start Actual results: Unable to create the luci base configuration file (`/var/lib/luci/etc/luci.ini'). Start luci... [FAILED] Expected results: Luci will start, regardless SELinux mode.
This should be fixed in http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=a94f0fb84c12532edc373c3b878b3ef8ebea62c3 The fix came along with solving bug #632536. Note: Python binary path is hard-coded, but this should be sufficient by now.
It should be explicitly mentioned that stated commit completes the changes made in http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=73f6bf3334e3c95ee4599ebebc4e4404aa04b780 (or "s/fixed in/fixed as of/" in previous comment)
Additional info (if "SELinux vs. luci" case ever needs further investigation): # rpm -q selinux-policy selinux-policy-3.9.7-42.fc14.noarch # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted And—under the line—another note which becomes interesting when compared to the situation with Fedora 15 (https://bugzilla.redhat.com/show_bug.cgi?id=725553#c3): > in order to start luci successfully, *all* "/usr/bin/paster" occurrences > have to be preceded by "/usr/bin/python" (whether with -Es switch or not, > see bug #632536), despite the fact that paster's shebang means (as far > as I can say) the same