On Sat, Nov 27, 2010 at 10:58:00AM +1100, Alison wrote:
Hi,
total newbie on CentOS. Just firing up an install of 5.5 on a development webserver. Installed Webmin, Awstats, PHPMyAdmin and Drupal successfully. Yet to work on Sendmail and Samba. SELinux in enforcing mode, reporting "SELinux preventing ifconfig (ifconfig_t) "read write" to /var/webminsessiondb.pag (var_t)".
There is a reason that control panels are effectively unsupported; you just hit on one of those reasons. Although I must admit I don't fully grasp why webmin is referencing ifconfig_t.
Googled the error message without real success in finding fix - bug reports showing. Question is whether worth pursuing as SELinux is the way of the future. Or is SELinux a good idea that never really made it's way into the sun. Thoughts please.
There are only a small number of corner cases in which SElinux is not appropriate; for all other cases it should be enabled.
It exists for a reason and is shipped fully enabled for a reason. Being able to limit access based on contexts and roles is an incredibly powerful tool which greatly improves the security of your server and the integrity of your data.
Following is a list of very useful SElinux resources.
http://wiki.centos.org/HowTos/SELinux http://wiki.centos.org/TipsAndTricks/SelinuxBooleans http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/ http://fedorasolved.org/security-solutions/selinux-module-building http://centoshelp.org/security/selinux-common-commands-troubleshooting
Some quality time with these resources will allow you to correct the SElinux exception you listed above and also give you a much better understanding of SElinux as a whole.
John