Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...
|
/proc {getattr} failures: msg#00151
|
Subject: |
/proc {getattr} failures |
targeted policy on FC3
/var/log/messages show lots of avcs:
May 22 20:54:42 bengal kernel: audit(1116809682.160:0): avc: denied
{ getattr } for pid=2733 exe=/bin/ps path=/proc/1 dev=proc ino=65538
scontext=user_u:system_r:httpd_sys_script_t
tcontext=user_u:system_r:unconfined_t tclass=dir
...
May 22 20:54:42 bengal kernel: audit(1116809682.171:0): avc: denied
{ getattr } for pid=2733 exe=/bin/ps path=/proc/2660 dev=proc
ino=174325762 scontext=user_u:system_r:httpd_sys_script_t
tcontext=root:system_r:unconfined_t tclass=dir
'audit2allow' generates this rule in local.te
allow httpd_sys_script_t unconfined_t:dir { getattr };
'make load' shows the assertion error message
Assertion on line 17328 violated by allow httpd_sys_script_t
unconfined_t:dir { getattr };
make: *** [/etc/selinux/targeted/policy/policy.18] Error 1
Then I learned that /proc, /selinux, and /sys do not have persistent
labels. What should
I do to solve this problem? Remove that assertion check?
Btw, anyone has a policy file for Gallery (gallery.sourceforge.net) with httpd?
Thanks a lot!
|
| |
