SCIENTIFIC-LINUX-USERS Archives

November 2005

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: AW: SELinux deactivate how?
From:
Jan Iven <[log in to unmask]>
Reply To:
Jan Iven <[log in to unmask]>
Date:
Thu, 10 Nov 2005 13:10:57 +0100
Content-Type:
text/plain
Parts/Attachments:
text/plain (33 lines) 
On Wed, 2005-11-09 at 18:03 +0100, Stefan Sabolowitsch wrote:
> Conny, Thanks for your rapid answer.
> 
> >It is better of course to learn how to make http live with SELINUX instead
> >of disabling it.
> 
> you are right .
> Do you have an idea like one SELinux and php mmcache to co-operate to bring
> can?

strace the thing and try to find which file under /var it tries to
writes to, redirect this to one of the several directories httpd is
allowed (cache, log). Check whether you can run PHP as cgi script, or
why it isn't labelled as "httpd_php_t". Complain to (whoever wrote php-
mmcache)


If everything else fails:

get the selinux-targeted-policy-source RPM, create 
/etc/selinux/targeted/src/policy/domains/misc/local.te
and add 

allow httpd_t var_t write;

and run "make load" in /etc/selinux/targeted/src/policy/

But this smells like too large a hole.

Or see (via Google):
https://www.redhat.com/archives/fedora-selinux-list/2005-
August/msg00014.html

ATOM RSS1 RSS2