Tue Jul 12 15:48:47 2005
Ticket #1252
Enforcing SELinux kills Campsite
Priority: | normal | Reporter: | john |
---|---|---|---|
Severity: | minor | Assigned to: | anonymous |
Component: | Campsite Server | Status: | new |
Version: | 3.0.0 | Resolution: | |
Milestone: | 3.0.0 | Keywords: |
Description by john:
I just tried turning on SELinux with Campsite. I get a 'Permission denied (13)' error on the documentroot of my webserver if I do that. This means that people installing Campsite on a fresh FC3 machine will probably run into problems. At the least, you will want to make a comment about this in you installation documentation. It's possible that this is even a problem with MySQL rather than Campsite, I guess. ADDITIONAL INFORMATION: See http://www.crypt.gen.nz/selinux/faq.html#BSP.5 for more info. Here are the messages from SELinux ('dmesg'): audit(1121179033.358:0): avc: denied { connect } for pid=4077 exe=/usr/sbin/httpd scontext=user_u:system_r:httpd_t tcontext=user_u:system_r:httpd_t tclass=tcp_socket audit(1121179033.640:0): avc: denied { read } for pid=17483 exe=/usr/libexec/mysqld path=/var/lib/mysql/campsite/Aliases.MYI dev=dm-0 ino=2164794 scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t tclass=file audit(1121179033.896:0): avc: denied { getattr } for pid=17483 exe=/usr/libexec/mysqld path=/var/lib/mysql/campsite/Issues.MYI dev=dm-0 ino=2164836 scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t tclass=file audit(1121179033.900:0): avc: denied { write } for pid=17483 exe=/usr/libexec/mysqld name=Issues.MYI dev=dm-0 ino=2164836 scontext=user_u:system_r:mysqld_t tcontext=user_u:object_r:var_lib_t tclass=file audit(1121179034.760:0): avc: denied { write } for pid=17484 exe=/var/www/campsite/cgi-bin/get_img name=mysql.sock dev=dm-0 ino=2113541 scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:object_r:var_lib_t tclass=sock_file There might be other privileges required, these are just the ones from the homepage.
Changelog
Fri Aug 5 10:37:59 2005: Modified by mugur
- milestone changed from 2.2.2 to 3.0.0