Hello, after update from FC2 to FC3 and enabled SELinux with:
1. Edit /etc/selinux/config and change the type of policy to SELINUXTYPE=policyname.
2. To ensure that you can return from a reboot, set the mode to SELINUX=permissive. This way SELinux
will be running under the correct policy, but will let you login if there is a problem such as
incorrect file context labeling.
3.
Tell the init scripts to relabel the system on reboot with the command touch /.autorelabel.
4.
Reboot the system. A clean restart under the new policy allows all system processes to be started in
the proper context, and reveals any problems in the policy change.
5. Confirm your changes took effect with the command sestatus -v. With the new system running in
permissive mode, check /var/log/messages for avc: denied messages. These may indicate a problem that
needs to be solved for the system to run without trouble under the new policy.
and at step 5 I have entry with the avc: denied messages.
This have i found:
Mar 9 13:19:00 homer kernel: audit(1110370740.023:0): avc: denied { unlink } for pid=5797
exe=/usr/sbin/httpd name=ssl_mutex.5797 dev=hda1 ino=1063633 scontext=root:system_r:httpd_t
tcontext=root:object_r:httpd_log_t tclass=file
Mar 9 13:19:00 homer httpd: Starten von httpd succeeded
Mar 9 13:19:01 homer kernel: audit(1110370741.003:0): avc: denied { getattr } for pid=5798
exe=/usr/sbin/httpd path=/etc/php.ini dev=hda1 ino=246465 scontext=root:system_r:httpd_t
tcontext=system_u:object_r:etc_t tclass=lnk_file
what must I do to correct this??
Attachment:
signature.asc
Description: OpenPGP digital signature
