selinux question

I have mythtv installed at home, and currently use a partition on a
separate drive to store my recorded shows (/dev/hda1, mapped as
/data1).  I recently installed mythweb, which seems to be working fine
except for one minor issue - whenever I try to list the recorded
programs via the mythweb interface, php errors pop up with permission
issues, and the following appears in my kernel log:

kernel: audit(1107226430.548:0): avc:  denied  { search } for  pid=29290 exe=/usr/sbin/httpd name=/ dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir

kernel: audit(1107226430.549:0): avc:  denied  { getattr } for  pid=29290 exe=/usr/sbin/httpd path=/data1 dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir

kernel: audit(1107226430.549:0): avc:  denied  { getattr } for  pid=29290 exe=/usr/sbin/httpd path=/data1 dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir

which makes sense, I suppose - httpd shouldn't be touching stuff in
/data1 - but I'd like to allow httpd to see these files.  As far as my
limited understanding goes (I'm still trying to grok selinux), is the
best way to do this to add an entry in
/etc/selinux/targeted/contexts/files/file_contexts, then fire up
restorecon?

Thanks for any help,
Tim

-- 
Morals?  I eat communism and $h!t America, brother.  --Seanbaby
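
An added example, not part of the original post: a short Python parser that reads the three AVC denials quoted above and groups them by source type, target type and object class, showing that every denial is httpd_t being refused access to a directory labelled default_t. The sample log is the post's own records, one per line; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the three denials quoted in the post, one record per line.
SAMPLE_LOG = """\
kernel: audit(1107226430.548:0): avc:  denied  { search } for  pid=29290 exe=/usr/sbin/httpd name=/ dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir
kernel: audit(1107226430.549:0): avc:  denied  { getattr } for  pid=29290 exe=/usr/sbin/httpd path=/data1 dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir
kernel: audit(1107226430.549:0): avc:  denied  { getattr } for  pid=29290 exe=/usr/sbin/httpd path=/data1 dev=hda1 ino=2 scontext=root:system_r:httpd_t tcontext=system_u:object_r:default_t tclass=dir
"""

# Permissions sit between the braces; key=value fields follow "for".
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")


def type_of(context):
    """Return the type from a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial line into a dict; None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    src, tgt = type_of(fields.get("scontext", "")), type_of(fields.get("tcontext", ""))
    if src is None or tgt is None or "tclass" not in fields:
        return None
    return {"perms": m.group("perms").split(), "source_type": src,
            "target_type": tgt, "tclass": fields["tclass"],
            "object": fields.get("path") or fields.get("name")}


def summarize(log_text):
    """Group denials by (source type, target type, class); collect perms and objects."""
    summary = defaultdict(lambda: {"perms": set(), "objects": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue  # skip unrelated kernel log lines
        key = (rec["source_type"], rec["target_type"], rec["tclass"])
        summary[key]["perms"].update(rec["perms"])
        summary[key]["objects"].add(rec["object"])
    return dict(summary)


if __name__ == "__main__":
    for (src, tgt, cls), info in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {sorted(info['perms'])} on {sorted(info['objects'])}")
```
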

