On Wed, 2005-11-09 at 18:03 +0100, Stefan Sabolowitsch wrote:
> Conny, Thanks for your rapid answer.
>
> >It is better of course to learn how to make http live with SELINUX instead
> >of disabling it.
>
> you are right .
> Do you have an idea like one SELinux and php mmcache to co-operate to bring
> can?
strace the thing and try to find which file under /var it tries to
writes to, redirect this to one of the several directories httpd is
allowed (cache, log). Check whether you can run PHP as cgi script, or
why it isn't labelled as "httpd_php_t". Complain to (whoever wrote php-
mmcache)
If everything else fails:
get the selinux-targeted-policy-source RPM, create
/etc/selinux/targeted/src/policy/domains/misc/local.te
and add
allow httpd_t var_t write;
and run "make load" in /etc/selinux/targeted/src/policy/
But this smells like too large a hole.
Or see (via Google):
https://www.redhat.com/archives/fedora-selinux-list/2005-
August/msg00014.html