Quoting m.roth@5-cent.us:
Have I mentioned that I am less than enthralled with selinux?
My latest issue is continuing messages in the /var/log/messages, which complain, for example, that siteminder can't write to smagent log (well, it can, since we've got selinux in permissive mode, and no, we have no control over using either siteminder or selinux).
I've done what it says will solve the problem. A number of times. Discussing it with my manager, it seems as though selinux DOES NOT HAVE CORRECT ERROR HANDLING, and is falling through to a default error, and is *not* telling me the true cause.
What is the error?
Running sealert. Let's start with...

<snip>
SELinux prevented httpd reading and writing access to http files.
Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, this requires explicit labeling of all files. If a file is a cgi script it needs to
<snip>

and respond with

# getsebool -a | grep unified
httpd_unified --> on

Then we can go to:

<...>
avc: denied { write } for pid=5898 comm="LLAWP" path="/var/log/httpd/smagent.log" dev=sda3 ino=<whatever> scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
Do you need more info?
mark
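
An added example, not part of any message in this thread: a small Python parser for the "avc: denied" record quoted above, reducing each denial to the (source type, target type, class, permission) tuple that the policy decision is made on. The sample log lines are constructed from the quoted record; the audit timestamps, pid and inode values are made up.

```python
import re
from collections import Counter

# Constructed sample: the record quoted in the thread (pid/ino values made up),
# seen twice, plus an unrelated syslog line that must be skipped.
SAMPLE_LOG = '''\
kernel: audit(1.0:1): avc:  denied  { write } for  pid=5898 comm="LLAWP" path="/var/log/httpd/smagent.log" dev=sda3 ino=1001 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
crond[77]: (root) CMD (run-parts /etc/cron.hourly)
kernel: audit(2.0:2): avc:  denied  { write } for  pid=5901 comm="LLAWP" path="/var/log/httpd/smagent.log" dev=sda3 ino=1001 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_log_t:s0 tclass=file
'''

# "avc: denied { perm ... } for key=value key="quoted value" ..."
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one 'avc: denied' record, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields['perms'] = m.group('perms').split()
    # A context is user:role:type[:level]; policy rules are written on the type.
    for key in ('scontext', 'tcontext'):
        parts = fields.get(key, '').split(':')
        fields[key + '_type'] = parts[2] if len(parts) >= 3 else None
    return fields


def summarize(log_text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec['perms']:
            key = (rec['scontext_type'], rec['tcontext_type'], rec.get('tclass'), perm)
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perm), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {src} -> {tgt}:{cls} {{ {perm} }}")
```

The resulting tuple can be compared with the rules in the loaded policy, for example with `sesearch --allow -s httpd_t -t httpd_log_t -c file` from the setools package.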