Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 229150 - avc errors for httpd on init level change
Summary: avc errors for httpd on init level change
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 6
Hardware: i686
OS: Linux
medium
low
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-18 19:10 UTC by Christopher Beland
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-02-20 20:21:16 UTC


Attachments (Terms of Use)
avc errors (deleted)
2007-02-18 19:10 UTC, Christopher Beland
no flags Details

Description Christopher Beland 2007-02-18 19:10:04 UTC
Description of problem:

I booted into runlevel 1, then hit CTRL-d to change into runlevel 5.  I got a
lot of avc errors (attached).

These names refer to files in a tree of custom Perl libraries that would be
loaded on httpd start for mod_perl.

RPM versions:
kernel-2.6.19-1.2895.fc6
selinux-policy-2.4.6-37.fc6
selinux-policy-targeted-2.4.6-37.fc6

SELinux is set to "Permissive" in system-config-securitylevel, and I haven't
changed the other settings there.

Comment 1 Christopher Beland 2007-02-18 19:10:04 UTC
Created attachment 148299 [details]
avc errors

Comment 2 Christopher Beland 2007-02-18 19:13:04 UTC
I should add that I ran "rmmod bcm43xx" while in init level 1.

Comment 3 Daniel Walsh 2007-02-20 20:19:15 UTC
These avc indicate apache is trying to read files labeled user_home_t.  Either
it is reading off your home directory or you moved (mv) files off your home
directory and now they are labeled incorrectly.

Similarly it is trying to read a file named session_data which is labeled tmp_t,
which httpd is not allowed to read.

You need to change the file context on these files/directories to some thing
httpd is allowed to use (httpd_sys_content_t)

If you want httpd to run on port 81 you need to tell selinux about it

semanage port -a -t http_port_t -p tcp 81



Note You need to log in before you can comment on or make changes to this bug.