On 07/12/2009 07:04 AM, Jurgen Kramer wrote: > I've just upgraded my server to Fedora 11 (clean install) and I am > trying to get everything working again. I have some problems with my > mrtg scripts, they seem not allowed to run. I guess this has something > to do with selinux. > > I see the following errors in the log: > > Can't exec "/etc/mrtg/cpu_temp.sh": Permission denied at /usr/bin/mrtg > line 2030. > 2009-07-12 12:35:02: WARNING: Running '/etc/mrtg/cpu_temp.sh': > Permission denied > 2009-07-12 12:35:02: WARNING: Could not get any data from external > command '/etc/mrtg/cpu_temp.sh' > Maybe the external command did not even start. (Permission denied) > > I changed the security context for all files residing in /etc/mrtg to: > > [kramer@nasng mrtg]$ ll -Z > -rwx------. root root system_u:object_r:mrtg_etc_t:s0 cpufan_speed.sh > -rwx------. root root system_u:object_r:mrtg_etc_t:s0 cpu_temp.sh > -rwx------. root root system_u:object_r:mrtg_etc_t:s0 fan_speed.sh > -rwx------. root root system_u:object_r:mrtg_etc_t:s0 hdd_temp.sh > -rwx------. root root system_u:object_r:mrtg_etc_t:s0 mb_temp.sh > -rw-r--r--. root root system_u:object_r:mrtg_etc_t:s0 mrtg.cfg > -rwx------. root root system_u:object_r:mrtg_etc_t:s0 nbfan_speed.sh > > but I still get the permission denied errors. > What should the correct security context for the scripts be? Or do they > need to be moved to another location? > > BTW running the command as executed by the crontab by hand works without > problems. > > > Jurgen > mrtg_t can read etc_t but not execute it, these should probably be labeled bin_t. Please attach the AVC messages that mrtg is complaining about, so I can try to write a better setroubleshoot plugin for this. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
