[CentOS] ejabberd 2.0.2 vs SELinux vs CentOS 5

Damian S dsteward at internode.on.net
Mon Oct 6 01:48:53 UTC 2008


On Sun, 2008-10-05 at 03:02 +1100, Damian S wrote:
> Anyway, to cut a long story short, I have discovered that SELinux is
> preventing erlang from accessing its crypto libs.
> This message appears in the SELinux audit logs:
> type=AVC msg=audit(1223133076.770:102): avc:  denied  { execmod } for
> pid=3878 comm="beam.smp"
> path="/opt/ejabberd-2.0.2_2/lib/crypto-1.5.2/priv/linux-x86/lib/crypto_drv.so" dev=dm-0 ino=26738869 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file

Just one final thing (hope it helps someone in future), according to Dan
Walsh, much better (more fine-grained) than setting the allow_execmem
boolean is to do this:
chcon -t unconfined_execmem_exec_t /opt/ejabberd-2.0.2_2/bin/beam.smp




More information about the CentOS mailing list