FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 07-04-2008, 01:42 AM
Claude Jones
 
Default Selinux and awstats

On Thu July 3 2008, Daniel J Walsh wrote:
> Claude Jones wrote:
> >> Does it report an error now?
> >
> > Seems it does:
> >
> > # matchpathcon /var/lib/awstats
> > /etc/selinux/targeted/contexts/files/file_contexts: Multiple different
> > specifications for /usr/share/awstats/wwwroot/cgi-bin(/.*)?
> > (system_ubject_r:httpd_sys_script_exec_t:s0 and
> > system_ubject_r:httpd_awstats_script_exec_t:s0).
> > /var/lib/awstats * * * *system_ubject_r:awstats_var_lib_t
>
> BTW
>
> # semanage fcontext -l -C
>
> Will show you local customizations to your file context files. *These
> are changes made either by an administrator or in the postinstall of
> some non SELinux-policy rpm file.

# semanage fcontext -l -C
SELinux fcontext type Context

It would appear there are no customizations. Any other ideas about what could
be causing this...
--
Claude Jones
Brunswick, MD, USA

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-08-2008, 06:28 PM
Daniel J Walsh
 
Default Selinux and awstats

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Claude Jones wrote:
> On Thu July 3 2008, Daniel J Walsh wrote:
>> Claude Jones wrote:
>>>> Does it report an error now?
>>> Seems it does:
>>>
>>> # matchpathcon /var/lib/awstats
>>> /etc/selinux/targeted/contexts/files/file_contexts: Multiple different
>>> specifications for /usr/share/awstats/wwwroot/cgi-bin(/.*)?
>>> (system_ubject_r:httpd_sys_script_exec_t:s0 and
>>> system_ubject_r:httpd_awstats_script_exec_t:s0).
>>> /var/lib/awstats system_ubject_r:awstats_var_lib_t
>> BTW
>>
>> # semanage fcontext -l -C
>>
>> Will show you local customizations to your file context files. These
>> are changes made either by an administrator or in the postinstall of
>> some non SELinux-policy rpm file.
>
> # semanage fcontext -l -C
> SELinux fcontext type Context
>
> It would appear there are no customizations. Any other ideas about what could
> be causing this...

Is matchpathcon still giving you the error?

# cat /etc/selinux/targeted/contexts/files/file_contexts.local
# cat /etc/selinux/targeted/modules/active/file_contexts.local
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkhzseUACgkQrlYvE4MpobNK0QCgsaS/6XiKOQs1+wTJDvw2J7Fu
u4kAoN/Zm+Vmi62oMmUlkV6bf7w0iFfw
=YmPF
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-09-2008, 12:59 AM
Claude Jones
 
Default Selinux and awstats

On Tue July 8 2008, Daniel J Walsh wrote:
> Is matchpathcon still giving you the error?
>
> # cat /etc/selinux/targeted/contexts/files/file_contexts.local
> # cat /etc/selinux/targeted/modules/active/file_contexts.local

Running it just now yielded:
# matchpathcon /var/lib/awstats
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /usr/share/awstats/wwwroot/cgi-bin(/.*)?
(system_ubject_r:httpd_sys_script_exec_t:s0 and
system_ubject_r:httpd_awstats_script_exec_t:s0).
/var/lib/awstats system_ubject_r:awstats_var_lib_t

--
Claude Jones
Brunswick, MD, USA

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-09-2008, 01:52 PM
Daniel J Walsh
 
Default Selinux and awstats

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Claude Jones wrote:
| On Tue July 8 2008, Daniel J Walsh wrote:
|> Is matchpathcon still giving you the error?
|>
|> # cat /etc/selinux/targeted/contexts/files/file_contexts.local
|> # cat /etc/selinux/targeted/modules/active/file_contexts.local
|
| Running it just now yielded:
| # matchpathcon /var/lib/awstats
| /etc/selinux/targeted/contexts/files/file_contexts: Multiple different
| specifications for /usr/share/awstats/wwwroot/cgi-bin(/.*)?
| (system_ubject_r:httpd_sys_script_exec_t:s0 and
| system_ubject_r:httpd_awstats_script_exec_t:s0).
| /var/lib/awstats system_ubject_r:awstats_var_lib_t
|
And did you execute the cat lines above?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkh0wo0ACgkQrlYvE4MpobMO4wCfTrDKxIcEaa 6pgbz06oDbk0oH
8WsAnRBJ6Ncnkjq8n0spMzgibbISc27d
=tQU7
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-09-2008, 11:54 PM
Claude Jones
 
Default Selinux and awstats

On Thursday 03 July 2008 14:14:09 Daniel J Walsh wrote:
> > # matchpathcon /var/lib/awstats
> > /etc/selinux/targeted/contexts/files/file_contexts: Multiple
> > different specifications for
> > /usr/share/awstats/wwwroot/cgi-bin(/.*)?
> > (system_ubject_r:httpd_sys_script_exec_t:s0 and
> > system_ubject_r:httpd_awstats_script_exec_t:s0).
> > /var/lib/awstats * * * *system_ubject_r:awstats_var_lib_t
>
> # semanage fcontext -d
> '/usr/share/awstats/wwwroot/cgi-bin(/.*)?'

Just ran this, but it appears selinux doesn't approve:
# semanage fcontext -d '/usr/share/awstats/wwwroot/cgi-bin(/.*)?'
/usr/sbin/semanage: File context for
/usr/share/awstats/wwwroot/cgi-bin(/.*)? is defined in policy,
cannot be deleted

--
Claude Jones
Levit & James, Inc.
Leesburg, VA
703-771-1549

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-09-2008, 11:58 PM
Claude Jones
 
Default Selinux and awstats

On Wednesday 09 July 2008 09:52:13 Daniel J Walsh wrote:
> Claude Jones wrote:
> | On Tue July 8 2008, Daniel J Walsh wrote:
> |> Is matchpathcon still giving you the error?
> |>
> |> # cat
> |> /etc/selinux/targeted/contexts/files/file_contexts.local #
> |> cat
> |> /etc/selinux/targeted/modules/active/file_contexts.local
>
> And did you execute the cat lines above?

Just did:
# cat /etc/selinux/targeted/contexts/files/file_contexts.local
# This file is auto-generated by libsemanage
# Do not edit directly.

********/usr/lib(64)?/ati-fglrx/.*.so(..*)? --
system_ubject_r:textrel_shlib_t:s0
/usr/share/awstats/wwwroot/cgi-bin(/.*)?
system_ubject_r:httpd_sys_script_exec_t:s0
[root@vrproductions3 ~]# cat
/etc/selinux/targeted/modules/active/file_contexts.local
# This file is auto-generated by libsemanage
# Do not edit directly.

********/usr/lib(64)?/ati-fglrx/.*.so(..*)? --
system_ubject_r:textrel_shlib_t:s0

************************************************** *******
I'm afraid I don't understand...does any of this make sense to
you? Just had to reboot and I got about a dozen lines of this
stuff; it seems to happen when loading certain services...not
all.


--
Claude Jones
Levit & James, Inc.
Leesburg, VA
703-771-1549

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-10-2008, 12:43 PM
Daniel J Walsh
 
Default Selinux and awstats

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Claude Jones wrote:
> On Wednesday 09 July 2008 09:52:13 Daniel J Walsh wrote:
>> Claude Jones wrote:
>> | On Tue July 8 2008, Daniel J Walsh wrote:
>> |> Is matchpathcon still giving you the error?
>> |>
>> |> # cat
>> |> /etc/selinux/targeted/contexts/files/file_contexts.local #
>> |> cat
>> |> /etc/selinux/targeted/modules/active/file_contexts.local
>>
>> And did you execute the cat lines above?
>
> Just did:
> # cat /etc/selinux/targeted/contexts/files/file_contexts.local
> # This file is auto-generated by libsemanage
> # Do not edit directly.
>
> /usr/lib(64)?/ati-fglrx/.*.so(..*)? --
> system_ubject_r:textrel_shlib_t:s0
> /usr/share/awstats/wwwroot/cgi-bin(/.*)?
> system_ubject_r:httpd_sys_script_exec_t:s0
> [root@vrproductions3 ~]# cat
> /etc/selinux/targeted/modules/active/file_contexts.local
> # This file is auto-generated by libsemanage
> # Do not edit directly.
>
> /usr/lib(64)?/ati-fglrx/.*.so(..*)? --
> system_ubject_r:textrel_shlib_t:s0
>
> ************************************************** *******
> I'm afraid I don't understand...does any of this make sense to
> you? Just had to reboot and I got about a dozen lines of this
> stuff; it seems to happen when loading certain services...not
> all.
>
>
Execute

# semodule -B

And check if the contents of the two .local files match.

/etc/selinux/targeted/files/file_context

is the directory that matchpathcon and other utilities that read the
default file context use

/etc/selinux/targeted/modules/active is the files that semanage uses to
generate the /etc/selinux/targetd/files files. So I am not sure how
they have gotten different. Running semanage or semodule should replace
the /etc/selinux/targeted/files/file_contexts.local with
/etc/selinux/targeted/modules/active/files_contexts.local

If this does not work, you can copy it your self.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkh2A/AACgkQrlYvE4MpobPwXQCdHPueuKL2jFMwm1kiKKQAxjCH
OAUAoNLZRmSlAT7L5eShFxMm6rOUnrSZ
=T+KF
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-10-2008, 02:10 PM
Claude Jones
 
Default Selinux and awstats

On Thu July 10 2008, Daniel J Walsh wrote:
> Execute
>
> # semodule -B
>

I did this - there was no response, just returned a prompt

> And check if the contents of the two .local files match.
>
> /etc/selinux/targeted/files/file_context
>

I couldn't find the above but found:
/etc/selinux/targeted/contexts/files/ in which I found file_contexts.local

> is the directory that matchpathcon and other utilities that read the
> default file context use
>
> /etc/selinux/targeted/modules/active is the files that semanage uses to
> generate the /etc/selinux/targetd/files files. *So I am not sure how
> they have gotten different. *Running semanage or semodule should replace
> the /etc/selinux/targeted/files/file_contexts.local with
> /etc/selinux/targeted/modules/active/files_contexts.local
>

the two files 'file_contexts.local' in the above folders match
(with the caveat that the first is in '/etc/selinux/targeted/contexts/files'
and NOT in '/etc/selinux/targeted/files' which doesn't exist)

> If this does not work, you can copy it your self.

I'll monitor things and see if this makes the problem go away. By the way, the
current content of those files is:
************************************************** *******************

# This file is auto-generated by libsemanage
# Do not edit directly.

********/usr/lib(64)?/ati-fglrx/.*.so(..*)? --
system_ubject_r:textrel_shlib_t:s0

************************************************** ********************
there is no mention of awstats as you can see
--
Claude Jones
Brunswick, MD, USA

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-10-2008, 03:31 PM
Daniel J Walsh
 
Default Selinux and awstats

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Claude Jones wrote:
> On Thu July 10 2008, Daniel J Walsh wrote:
>> Execute
>>
>> # semodule -B
>>
>
> I did this - there was no response, just returned a prompt
>
>> And check if the contents of the two .local files match.
>>
>> /etc/selinux/targeted/files/file_context
>>
>
> I couldn't find the above but found:
> /etc/selinux/targeted/contexts/files/ in which I found file_contexts.local
>
>> is the directory that matchpathcon and other utilities that read the
>> default file context use
>>
>> /etc/selinux/targeted/modules/active is the files that semanage uses to
>> generate the /etc/selinux/targetd/files files. So I am not sure how
>> they have gotten different. Running semanage or semodule should replace
>> the /etc/selinux/targeted/files/file_contexts.local with
>> /etc/selinux/targeted/modules/active/files_contexts.local
>>
>
> the two files 'file_contexts.local' in the above folders match
> (with the caveat that the first is in '/etc/selinux/targeted/contexts/files'
> and NOT in '/etc/selinux/targeted/files' which doesn't exist)
>
>> If this does not work, you can copy it your self.
>
> I'll monitor things and see if this makes the problem go away. By the way, the
> current content of those files is:
> ************************************************** *******************
>
> # This file is auto-generated by libsemanage
> # Do not edit directly.
>
> /usr/lib(64)?/ati-fglrx/.*.so(..*)? --
> system_ubject_r:textrel_shlib_t:s0
>
> ************************************************** ********************
> there is no mention of awstats as you can see
Sorry about the path problems.

If matchpathcon returns no errors, you should be fine now.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkh2K2QACgkQrlYvE4MpobPfYwCgtO1si3fSNU CIkJuLsnO6nYFE
dC4AoJj75ANAfXMNYSk6QgKzet02yEiX
=InuY
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-10-2008, 04:08 PM
Claude Jones
 
Default Selinux and awstats

On Thursday 10 July 2008 11:31:48 Daniel J Walsh wrote:
> Sorry about the path problems.
>

no problem

> If matchpathcon returns no errors, you should be fine now.

# matchpathcon /var/lib/awstats
/var/lib/awstats system_ubject_r:awstats_var_lib_t

As you can see above, it appears to be good. Thanks as always for
your help.
--
Claude Jones
Levit & James, Inc.
Leesburg, VA
703-771-1549

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 09:48 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org