Displaying 20 results from an estimated 800 matches similar to: "httpd and selinux"
2007 Mar 12
2
selinux disable but still working
I have some centos 4.4 server. i have disable selinux for some software
problem:
# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disable
#
2008 Aug 01
2
BackupPC 3.1.0 on CentOS 5.2 triggers SE Linux denial
Hi. I've installed BackupPC 3.1.0 from Testing repository, to Cent
OS 5.2 x86_64, and I am hitting an SE Linux denial - the httpd cannot
talk to the BackupPC socket:
type=AVC msg=audit(07/31/2008 17:18:53.623:410) : avc: denied {
connectto } for pid=11767 comm=httpd
path=/var/log/BackupPC/BackupPC.sock
scontext=user_u:system_r:httpd_t:s0
tcontext=user_u:system_r:initrc_t:s0
2008 Aug 23
2
CentOS 5.2 + SELinux + Apache/PHP + Postfix
Hi All,
I'm running CentOS 5.2 with SELinux in enforcing mode (default
targeted policy). The server hosts a PHP web app that sends mail. I'm
getting the following errors (see end of message) in my selinux
audit.log file every time the app sends an email. The email always
seems to get sent successfully, despite the log messages. However,
they do concern me and I would like to understand
2008 Nov 30
4
Apache, SELinux, and document root on a different partition
I want to put the document root for an application on a separate paritition
that has more space. When I try to configure this I can't access the files
in the new location. I've got the SELinux attributes set on the directory
and its files, so I'm thinking it's something about the parent path that
SELinux doesn't like, but I don't know where that's handled.
My
2006 Oct 09
2
Directories not writable (Apache/PHP)
Hi,
I have a new CentOS sever install. I've also installed suPHP to
replicate a live server.
When I upload file via FTP the permissions seem OK, however the
directories copied are not writable?? Any ideas?
I have tried chmod 777 and that's not working either. Could is be a
suPHP issue?
I have 'suPHP_UserGroup GROUP USER' setup in my virtual directory and
the user is also in the
2007 Dec 17
2
Digest Subcriber needs help with SELinux file context setting
CentOS-5.1
I need some help with setting up the SELinux context for a custom httpd
directory so that I can write log files into it. This is what I have:
In my virtual host config file:
RewriteEngine on
RewriteLog /etc/httpd/virtual.d/trac-rewrite.log
# RewriteLogLevel 0=off 1=basic 2=verbose 3+=module developer debuging
RewriteLogLevel 0
If /etc/httpd/virtual.d/trac-rewrite.log does
2009 Oct 04
2
deliver stopped working
Hi:
I have been using Dovecot for well over a year now and it has always worked with few
problems. The mail setup is not simple...
Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major
things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and
control is local.
About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2011 Jan 31
1
Squid and SELinux
Hi.
I'm trying to setup squid with SELinux, the problem i encounter is taht
i want to add another directory for cache, in this system we have a home
partition with huge space, i create a squid dir and add the path with
semanage:
semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
i check the files and are in the good context:
drwxr-xr-x squid squid
2006 Aug 25
1
SELinux targeted - named, portmap and syslogd errors
Yesterday I activated SELinux in targeted mode, then I rebooted and started
receiving some error messages in the system services initialization:
======================================================================
audit(1156518721.252:2): avc: denied { read } for pid=2223 comm="syslogd"
name="libc-2.3.4.so" dev=dm-0 ino=50441 scontext=user_u:system_r:syslogd_t
2015 Apr 01
1
SEmodule dependency hell.
I want you all to see what I went through trying to simply reassign
(unsuccessfully) the context of a well-known port.
To the best of my ability to recall none of the packages mentioned
below are even installed on the host in question. Why are these
dependices preventing me from removing a disused SELinux policy.
I have done exactly that, reassign port contexts, in the past without
encountering
2011 Apr 25
2
Samba can't access dir - SELinux problem?
Hello,
I was using CentOS 5.5 as a "playground" VM at my WinXP notebook
and now I'm migrating to a new CentOS 5.6 install
and everything has worked well - except samba.
I have this very permissive config to export my ~/src dir:
# cat /etc/samba/smb.conf
[global]
guest ok = yes
guest account = afarber
security = share
hosts allow = 172.16.6. 127.0.0.1
[src]
2017 Sep 23
2
more selinux problems ...
Hi,
how do I allow lighttpd access to a directory like this:
dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles
I tried to create and install a selinux module, and it didn?t work.
The non-working module can not be removed, either:
semodule -r lighttpd-files_articles.pp
libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at
2018 Sep 09
2
Type enforcement / mechanism not clear
Any SElinux expert here - briefly:
# getenforce
Enforcing
# sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
<no output>
# sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t
<no output>
# ls -laZ /etc/sysctl.conf /etc/rsyslog.conf
-rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf
-rw-r--r--. root root
2018 Sep 10
1
Type enforcement / mechanism not clear
Am 09.09.2018 um 16:19 schrieb Daniel Walsh <dwalsh at redhat.com>:
>
> On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote:
>> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>:
>>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
>>>> Any SElinux expert here - briefly:
>>>>
>>>> # getenforce
2012 Feb 16
3
Baffled by selinux
Apache DocumentRoot on an NFS directory:
[root at localhost ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
[root at localhost ~]#
After some research, I found this (dated) link
2008 Oct 30
1
nfs mounted /home and selinux
I'm trying to set the context on an nfs mounted /home. I believe
exactly like in Redhat's Deployment Guide at
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html
On my system running CentOS 5.2:
$ ls -alZ /home
drwxr-xr-x root root system_u:object_r:home_root_t .
drwxr-xr-x root root system_u:object_r:root_t ..
$ mount -t
2018 Sep 09
3
Type enforcement / mechanism not clear
Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>:
>
> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
>> Any SElinux expert here - briefly:
>>
>> # getenforce
>> Enforcing
>>
>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
>> <no output>
>>
>> # sesearch -ACR -s httpd_t -c file
2018 Aug 21
5
selinux question
I have a web application which uses sudo to invoke python scripts as the
user under which the application runs (NO root access).? Is there any
reason why sudo would would require sys_ptrace access for this?? I only
get this violation intermittenly, and not with every call to sudo.?
Here's the violation:
Summary:
SELinux is preventing sudo (httpd_t) "sys_ptrace" to <Unknown>
2008 Jul 24
1
selinux & httpd & portmap
Having problems starting httpd & portmapper
#service httpd start
/usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot
open shared object file: No such file or directory
and I traced it to selinux, which I had just turned on for the first time:
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode:
2012 Jan 11
2
SELinux blocking cgi script from "writing to socket (httpd_t)"
Is this really supposed to get easier over time? :) Now my audit.log
file shows that SELinux is blocking my cgi script, index.cgi (which is
what's actually served when the user visits the front page of one of our
proxy sites like sugarsurfer.com) from having '"read write" to socket
(httpd_t)'. I have no idea what that means, except that I thought that
cgi scripts were