[CentOS] selinux policy and httpd

Wed Nov 21 13:41:46 UTC 2012
Daniel J Walsh <dwalsh at redhat.com>

Hash: SHA1

On 11/21/2012 08:05 AM, mark wrote:
> On 11/21/12 05:17, Daniel J Walsh wrote:
>> On 11/20/2012 03:56 PM, m.roth at 5-cent.us wrote:
>>> I upgraded a development server last week, and it started spewing
>>> selinux errors to the log. I googled. What finally *seems* to have
>>> stopped it was a) setsebool -P httpd_setrlimit 1 b) yum downgrade
>>> selinux-policy\*
>>> This is on a 6.3 box. Has anyone else seen this behaviour?
>> I would doubt you needed to downgrade the policy.  I would figure you got
>> a new version of apache or some application that was requiring httpd to
>> setrlimit.
> You mean *all* that garbage was because setrlimit needed to be set? If so,
> I would have expected the installation or upgrade of the package to do that
> in the postinstall.
> Thanks.
> mark
I have no idea what happened to cause the problem.  But I do know that
selinux-policy releases always loosen policy on minor releases.  Since there
is no tightening of selinux-policy I don't see where upgrading or downgrading
policy would suddenly cause apache to want to setrlimit.  Other packages
within the same update like potentially the kernel, httpd or perhaps the apps
you are running in httpd could have caused it.
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/