Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   runcon Invalid argument (http://www.linux-archive.org/fedora-selinux-support/655655-runcon-invalid-argument.html)

"Moray Henderson (ICT)" 04-13-2012 02:39 PM

runcon Invalid argument
 
I'm trying to debug an httpd-nfs-selinux issue, and it would be _really_
useful to be able to execute commands in context httpd_t while trying out
combinations of the nfs_export_all_rw Boolean and public_content_rw_t type.

If I can do

[root@kojihub ~]# runcon unconfined_u:unconfined_r:unconfined_t:s0 bash
[root@kojihub ~]# exit

why can't I do

[root@kojihub ~]# runcon unconfined_u:unconfined_r:httpd_t:s0 bash
runcon: invalid context: unconfined_u:unconfined_r:httpd_t:s0: Invalid
argument

The actual issue is that I've set up a new koji hub with /mnt/koji on an nfs
mount; with SELinux in permissive mode I get

AVC Report
================================================== ======
# date time comm subj syscall class permission obj event
================================================== ======
1. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 4 dir getattr
system_u:object_r:nfs_t:s0 denied 494
2. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 4 dir search
system_u:object_r:nfs_t:s0 denied 493
3. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir write
system_u:object_r:nfs_t:s0 denied 495
4. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir
add_name system_u:object_r:nfs_t:s0 denied 495
5. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 83 dir create
unconfined_u:object_r:nfs_t:s0 denied 495
6. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 2 file create
unconfined_u:object_r:nfs_t:s0 denied 496
7. 04/13/2012 14:23:36 httpd unconfined_u:system_r:httpd_t:s0 2 file open
system_u:object_r:nfs_t:s0 denied 496


Moray.
"To err is human; to purr, feline."




OM International Limited - Unit B Clifford Court, Cooper Way - Carlisle CA3 0JG - United Kingdom
Charity reg no: 1112655 - Company reg no: 5649412 (England and Wales)

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux


All times are GMT. The time now is 02:32 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.