FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 02-16-2012, 11:35 AM
Lars Hecking
 
Default Baffled by selinux

Apache DocumentRoot on an NFS directory:

[root@localhost ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
[root@localhost ~]#

After some research, I found this (dated) link

http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html

and followed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still
can't start httpd. Not sure what to make of the audit log:

type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_ubject_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1329395502.681:61927): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_ubject_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.681:61927): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-16-2012, 12:18 PM
Daniel J Walsh
 
Default Baffled by selinux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/16/2012 07:35 AM, Lars Hecking wrote:
> type=AVC msg=audit(1329395502.678:61926): avc: denied { search }
> for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_ubject_r:nfs_t:s0 tclass=dir type=SYSCALL
> msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no
> exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370
> a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
> comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null) type=AVC
> msg=audit(1329395502.681:61927): avc: denied { search } for
> pid=25674 comm="httpd" name="" dev=0:23 ino=3471615
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_ubject_r:nfs_t:s0 tclass=dir type=SYSCALL
> msg=audit(1329395502.681:61927): arch=c000003e syscall=4 success=no
> exit=-13 a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50
> items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd"
> exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0
> key=(null)

Have you tried httpd_use_nfs?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk89Ah4ACgkQrlYvE4MpobN49QCfd9MWBdZZM1 xMBC1Fw3cWG7hx
iWoAoM8gCRon0jLK0S9wyzxw8hgddozG
=CSFc
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Thu Feb 16 15:30:02 2012
Return-path: <arch-general-bounces@archlinux.org>
Envelope-to: tom@linux-archive.org
Delivery-date: Thu, 16 Feb 2012 15:19:36 +0200
Received: from gerolde.archlinux.org ([66.211.214.132]:57135)
by s2.java-tips.org with esmtp (Exim 4.69)
(envelope-from <arch-general-bounces@archlinux.org>)
id 1Ry1FH-0001Hu-OH
for tom@linux-archive.org; Thu, 16 Feb 2012 15:19:36 +0200
Received: from gudrun.archlinux.org (gudrun.archlinux.org [66.211.214.131])
by gerolde.archlinux.org (Postfix) with ESMTP id 1F65B90060;
Thu, 16 Feb 2012 08:19:31 -0500 (EST)
Received: from gerolde.archlinux.org (gerolde.archlinux.org [66.211.214.132])
by gudrun.archlinux.org (Postfix) with ESMTP id 89710921A4
for <arch-general@archlinux.org>; Thu, 16 Feb 2012 08:19:29 -0500 (EST)
Received-SPF: pass (gmail.com ... _spf.google.com: 209.85.214.44 is authorized
to use 'bo.bjornsen@gmail.com' in 'mfrom' identity (mechanism
'ip4:209.85.128.0/17' matched)) receiver=gerolde.archlinux.org;
identity=mailfrom; envelope-from="bo.bjornsen@gmail.com";
helo=mail-bk0-f44.google.com; client-ip=209.85.214.44
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com
[209.85.214.44])
by gerolde.archlinux.org (Postfix) with ESMTPS id 25DC49005C
for <arch-general@archlinux.org>; Thu, 16 Feb 2012 08:19:28 -0500 (EST)
Received: by bkuw12 with SMTP id w12so1921334bku.3
for <arch-general@archlinux.org>; Thu, 16 Feb 2012 05:19:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
h=message-id:date:from:user-agent:mime-version:to:subject:references
:in-reply-to:x-enigmail-version:content-type;
bh=jBOcAJD05mshFhe8FIRqwnzbSQTH3n0lpQHzf6+C1Zw=;
b=wuTCOsy4MRCz/MOR4wV7Epi3FhKBJpzxfQMM8mn8mbJSO+Mpb8C+H7EmsUvSbIz EjT
wrpE/u4lY4g5lX/9IYPHjG79Fo7vp5iPWznXQTcaJk0IPlyzuRxIh6Mdtbttotvyc kFL
eE1n2qJbEYYHbJbix+u4tWJoPNsGCgT98jjIw=
Received: by 10.112.25.70 with SMTP id a6mr840647lbg.47.1329398372969;
Thu, 16 Feb 2012 05:19:32 -0800 (PST)
Received: from [192.168.1.126] (ti0095a380-1726.bb.online.no. [85.167.70.192])
by mx.google.com with ESMTPS id o3sm7305097lbn.2.2012.02.16.05.19.31
(version=SSLv3 cipher=OTHER); Thu, 16 Feb 2012 05:19:32 -0800 (PST)
Message-ID: <4F3D0258.1050908@gmail.com>
Date: Thu, 16 Feb 2012 14:19:20 +0100
From: =?UTF-8?B?QmrDuHJuIMOYaXZpbmQgQmrDuHJuc2Vu?=
<bo.bjornsen@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:9.0) Gecko/20111224 Thunderbird/9.0.1
MIME-Version: 1.0
To: arch-general@archlinux.org
References: <4F3CFFB7.4040704@gmx.de> <1349550.SeetmxqnaU@pii>
In-Reply-To: <1349550.SeetmxqnaU@pii>
X-Enigmail-Version: 1.3.5
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="------------enigA67281E9FFEEBC9FB995159E"
Subject: Re: [arch-general] shutdown problems
X-BeenThere: arch-general@archlinux.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: General Discussion about Arch Linux <arch-general@archlinux.org>
List-Id: General Discussion about Arch Linux <arch-general.archlinux.org>
List-Unsubscribe: <http://mailman.archlinux.org/mailman/options/arch-general>,
<mailto:arch-general-request@archlinux.org?subject=unsubscribe>
List-Archive: <http://mailman.archlinux.org/pipermail/arch-general>
List-Post: <mailto:arch-general@archlinux.org>
List-Help: <mailto:arch-general-request@archlinux.org?subject=help>
List-Subscribe: <http://mailman.archlinux.org/mailman/listinfo/arch-general>,
<mailto:arch-general-request@archlinux.org?subject=subscribe>
Errors-To: arch-general-bounces@archlinux.org
Sender: arch-general-bounces@archlinux.org

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA67281E9FFEEBC9FB995159E
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 16/02/12 14:11, Jesse Juhani Jaara wrote:
> I am experiencing this same issue on my 2 KDE systems too. Both using s=
ystemd=20
> too.

Likewise, but since shutdown works from KDM, this has not bothered me
enough to debug it quite yet.

Regards,
Bj=C3=B8rn =C3=98ivind


--------------enigA67281E9FFEEBC9FB995159E
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPPQJhAAoJEAPvNxjF/T/2NiEP/1m4FLRWpa7Ou2+vmxB69Ns6
XUdf5wX2OPaJCO96yta+oPcMRT/AJe0oxFEBzXKfWcUJdVvvPgJ3w/F6yQWFn36L
g/xhrz4eaE/vgFXwxlitX2EMP1ptyMx9opDoUj2ZuSR5Rk/iyRXye5z8DP76s7EJ
x2j2Q9ueOhloCxThekxhA7rtQcMyo1/cqrOPsLAB4kJKfWNq+3jVV0XVhx85fOZQ
ELZgQ/mL6L4zIuad0a+Tt23mcKEFHom3TjG4jKlPkgtVuvNAMlIxtAaT uuWpHZdR
oPbc/5LNxPjwQNxJkdDYpPj8mKR/ZRpfR2PxD2bVB5JC9sZ1sLhTAhrXE4VZMNbQ
KsshDG+3m8XK6egEo/3GoTRndlKxCynrD0cc/4XxkDA8KsvgyCbE3rugSraC7gEM
maAZtxaXRlVeeZwKFm1muqtFDYVehvFAyKr2N4wP/tOK90ugEuyQOsn3UrRrzn/k
j66L+vasvpWBuanBOm2qP8K55+0FQbrX2WmZQEEtdIZzbVgg1H NuA1QkRxUGqFul
QEKSeY1c7ratt+EJH8Ud9G+atBWpfoMwFSZSgnHdmp7CT80m2B JRtY0oDvr7XFeE
kRi7kea416Wv3vcER+r+o2UxYceW+rXpBptRhXLwWh5XjG46mO 0m2wrU4zrU87TN
bDy/UGGPvQ9ylHK6hgp0
=afva
-----END PGP SIGNATURE-----

--------------enigA67281E9FFEEBC9FB995159E--
 
Old 02-16-2012, 12:28 PM
Lars Hecking
 
Default Baffled by selinux

> Have you tried httpd_use_nfs?

Slam dunk. Thanks!

Did this boolean exist before yesterdays kernel and selinux policy update?
The setup was working until I rebooted.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-16-2012, 01:17 PM
Daniel J Walsh
 
Default Baffled by selinux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/16/2012 08:28 AM, Lars Hecking wrote:
>
>> Have you tried httpd_use_nfs?
>
> Slam dunk. Thanks!
>
> Did this boolean exist before yesterdays kernel and selinux policy
> update? The setup was working until I rebooted.
>
>
>
> _______________________________________________ CentOS mailing
> list CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

I see this boolean in RHEL5 and RHEl6. So it has been there a while.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk89EBMACgkQrlYvE4MpobPpkgCaA2Zq4kyCP6 LBeZq5VKGJ1/Rc
ifEAoJKOfGjTL41OyRYQww1m7xFBiYPn
=YpLT
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-16-2012, 04:13 PM
"James B. Byrne"
 
Default Baffled by selinux

On Thu, February 16, 2012 07:35, Lars Hecking wrote:
>
> Apache DocumentRoot on an NFS directory:
>
> [root@localhost ~]# service httpd start
> Starting httpd: Warning: DocumentRoot [/home/www/html]
> does not exist
> Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
> DocumentRoot must be a directory
> [FAILED]
> [root@localhost ~]#
>
> After some research, I found this (dated) link
>
> http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html
>
> and followed the suggestion, setsebool -P
> use_nfs_home_dirs=1. But I still
> can't start httpd. Not sure what to make of the audit
> log:
>
> type=AVC msg=audit(1329395502.678:61926): avc: denied {
> search } for pid=25674 comm="httpd" name="" dev=0:23
> ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_ubject_r:nfs_t:s0 tclass=dir
> type=SYSCALL msg=audit(1329395502.678:61926):
> arch=c000003e syscall=4 success=no exit=-13
> a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370
> a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0
> gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0
> ses=2 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1329395502.681:61927): avc: denied {
> search } for pid=25674 comm="httpd" name="" dev=0:23
> ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_ubject_r:nfs_t:s0 tclass=dir
> type=SYSCALL msg=audit(1329395502.681:61927):
> arch=c000003e syscall=4 success=no exit=-13
> a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50
> items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
> comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
>
>
>
>

Try this:

yum install policycoreutils-python setroubleshoot-server

Now use the audit2allow and semanage utilities to tell you
what SEbooleans to set or what to include in a custom
policy. Information from 2010 is out of date for SELinux
on CentOS-6, assuming that you are in fact running the
latest version, much less stuff from 2005.

HTH

--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-16-2012, 04:22 PM
Daniel J Walsh
 
Default Baffled by selinux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/16/2012 12:13 PM, James B. Byrne wrote:
>
> On Thu, February 16, 2012 07:35, Lars Hecking wrote:
>>
>> Apache DocumentRoot on an NFS directory:
>>
>> [root@localhost ~]# service httpd start Starting httpd: Warning:
>> DocumentRoot [/home/www/html] does not exist Syntax error on line
>> 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a
>> directory [FAILED] [root@localhost ~]#
>>
>> After some research, I found this (dated) link
>>
>> http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html
>>
>> and followed the suggestion, setsebool -P use_nfs_home_dirs=1.
>> But I still can't start httpd. Not sure what to make of the
>> audit log:
>>
>> type=AVC msg=audit(1329395502.678:61926): avc: denied { search
>> } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615
>> scontext=unconfined_u:system_r:httpd_t:s0
>> tcontext=system_ubject_r:nfs_t:s0 tclass=dir type=SYSCALL
>> msg=audit(1329395502.678:61926): arch=c000003e syscall=4
>> success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370
>> a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674
>> auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>> tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd"
>> subj=unconfined_u:system_r:httpd_t:s0 key=(null) type=AVC
>> msg=audit(1329395502.681:61927): avc: denied { search } for
>> pid=25674 comm="httpd" name="" dev=0:23 ino=3471615
>> scontext=unconfined_u:system_r:httpd_t:s0
>> tcontext=system_ubject_r:nfs_t:s0 tclass=dir type=SYSCALL
>> msg=audit(1329395502.681:61927): arch=c000003e syscall=4
>> success=no exit=-13 a0=7fef342eae68 a1=7fffaf747630
>> a2=7fffaf747630 a3=50 items=0 ppid=25673 pid=25674 auid=0 uid=0
>> gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
>> comm="httpd" exe="/usr/sbin/httpd"
>> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
>>
>>
>>
>>
>
> Try this:
>
> yum install policycoreutils-python setroubleshoot-server
>
> Now use the audit2allow and semanage utilities to tell you what
> SEbooleans to set or what to include in a custom policy.
> Information from 2010 is out of date for SELinux on CentOS-6,
> assuming that you are in fact running the latest version, much less
> stuff from 2005.
>
> HTH
>

Actually the combination of two booleans would have also allowed this
access.

tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
fs_list_auto_mountpoints(httpd_t)
fs_read_nfs_files(httpd_t)
fs_read_nfs_symlinks(httpd_t)
')

But if you are not allowing apache to look in users homedirs,
httpd_use_nfs is more secure.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEUEARECAAYFAk89O2YACgkQrlYvE4MpobO2QACgh4bXtGnbl3 tR79dVb8uq42Jt
dlEAljnV14BDxlFELIRC6GHffqIyyqU=
=j+oC
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-16-2012, 04:52 PM
Les Mikesell
 
Default Baffled by selinux

On Thu, Feb 16, 2012 at 11:13 AM, James B. Byrne <byrnejb@harte-lyne.ca>wrote:


> Information from 2010 is out of date for SELinux
> on CentOS-6,



I thought the whole point of enterprise distributions was to not have
behavior changes for a major version release, which would, in fact have
been in 2010 for the upstream copy.

--
Les Mikesell
lesmikesell@gmail.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-16-2012, 07:52 PM
Bob Hoffman
 
Default Baffled by selinux

*Lars Hecking* wrote

================================================== =========
pache DocumentRoot on an NFS directory:

[root at localhost <http://lists.centos.org/mailman/listinfo/centos> ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
[root at localhost <http://lists.centos.org/mailman/listinfo/centos> ~]#

After some research, I found this (dated) link

http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html

and followed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still
can't start httpd. Not sure what to make of the audit log:

type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_ubject_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1329395502.681:61927): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_ubject_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.681:61927): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
================================================== =================

/home/www/html does not exist.
Whether redhat did this on purpose or by mistake, the directory should be
/var/www/html.

IT is not selinux, it is the wrong non existing directory in the httpd.conf file.

oopsy on someone's part. Happened to me too...took me a while to see the installed
conf file directory was the wrong folder path.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-16-2012, 09:52 PM
Daniel J Walsh
 
Default Baffled by selinux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/16/2012 12:52 PM, Les Mikesell wrote:
> On Thu, Feb 16, 2012 at 11:13 AM, James B. Byrne
> <byrnejb@harte-lyne.ca>wrote:
>
>
>> Information from 2010 is out of date for SELinux on CentOS-6,
>
>
>
> I thought the whole point of enterprise distributions was to not
> have behavior changes for a major version release, which would, in
> fact have been in 2010 for the upstream copy.
>

The data from 2010 is still current, but you need to change both booleans.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk89iMYACgkQrlYvE4MpobPKyQCg3s+IL6Gsao b5np1Yva+O+fiq
W9kAoLiQXFA6wU+l3jVuzfjVOAsn2QNx
=oM7A
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 03-05-2012, 06:40 PM
Bruce Martin
 
Default Baffled by selinux

Lars Hecking <lhecking@...> writes:

>
>
> > Have you tried httpd_use_nfs?
>
> Slam dunk. Thanks!
>


Can you be more specific on what file you edited and the syntax of the line
you put in and/or edited?
While I am able to start apache I am getting several errors in the log files
that seem to be related to this.

Bruce

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 05:36 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org