FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 07-17-2008, 10:17 PM
Claude Jones
 
Default Selinux and awstats

On Thursday 10 July 2008 12:08:28 Claude Jones wrote:

> On Thursday 10 July 2008 11:31:48 Daniel J Walsh wrote:

> > Sorry about the path problems.

>

> no problem

>

> > If matchpathcon returns no errors, you should be fine now.

>

> # matchpathcon /var/lib/awstats

> /var/lib/awstats system_ubject_r:awstats_var_lib_t

>

> As you can see above, it appears to be good. Thanks as always

> for your help.



Dan: A final report. After rebooting several times, and running smart many times, both of which used to produce many lines of the awstats/selinux messages, I think I can safely say that the problem has been solved. I wish I understood what your commands did, exactly - if you have a little time to respond to this, I would really appreciate a synopsis of your diagnosis and cure. I guess that somehow, two different policies were generated with regard to awstats, and that's what you were detecting with the matchpathcon command? Is that a fair understanding from my read of the man page? The semodule -B command was to force a rewrite of the policy, though I'm not sure to what end, as I read it... And somehow, you found and had me erase the multiple contexts?



--

Claude Jones

Levit & James, Inc.

Leesburg, VA

703-771-1549
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 07-18-2008, 02:02 PM
Daniel J Walsh
 
Default Selinux and awstats

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Claude Jones wrote:
> On Thursday 10 July 2008 12:08:28 Claude Jones wrote:
>> On Thursday 10 July 2008 11:31:48 Daniel J Walsh wrote:
>>> Sorry about the path problems.
>> no problem
>>
>>> If matchpathcon returns no errors, you should be fine now.
>> # matchpathcon /var/lib/awstats
>> /var/lib/awstats system_ubject_r:awstats_var_lib_t
>>
>> As you can see above, it appears to be good. Thanks as always
>> for your help.
>
> Dan: A final report. After rebooting several times, and running
> smart many times, both of which used to produce many lines of the
> awstats/selinux messages, I think I can safely say that the
> problem has been solved. I wish I understood what your commands
> did, exactly - if you have a little time to respond to this, I
> would really appreciate a synopsis of your diagnosis and cure. I
> guess that somehow, two different policies were generated with
> regard to awstats, and that's what you were detecting with the
> matchpathcon command? Is that a fair understanding from my read
> of the man page? The semodule -B command was to force a rewrite
> of the policy, though I'm not sure to what end, as I read it...
> And somehow, you found and had me erase the multiple contexts?
>
>
Yes I believe you or some package added the second file context entry,
which was causing your problem. The tools were some how borked for
removing the entry.

semodule -B

Basically reassembled the policy and moved the contents of
/etc/selinux/targeted/modules/active to /etc/selinux/targeted/contexts

So once we fully removed the context from the local modifications we
wanted to make sure the system files were correct.

semanage fcontext -d PATH

Should have done this for us, but something on your system was not
working correctly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkiAoo8ACgkQrlYvE4MpobMDDQCdF57z4E6Qwt QwfkuDjQvZMkBW
87wAoI3ylI1zNoerJP5lUWvERTjgfkfe
=tMRh
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 08:38 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org