Package: selinux-policy-default Version: 2:0.2.20100524-4 Severity: normal by deafult apache runs in the initrc_t domain. i think this is due to wrong labeling of the executeable binary. (/usr/sbin/apache2 is a symlink to /usr/lib/apache2/mpm-<whatever>/apache2). the file /usr/lib/apache2/mpm-<whatever>/apache2 is associated with the type lib_t. when i run chcon -t httpd_exec_t /usr/lib/apache2/mpm-<whatever>/apache2 and restart apache it runs in the correct domain httpd_t. unfortunately i'm not an expert in writing selinux policy rules so i can't propose a fix for that.
yours peter -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages selinux-policy-default depends on: ii libpam-modules 1.1.1-6.1 Pluggable Authentication Modules f ii libselinux1 2.0.96-1 SELinux runtime shared libraries ii libsepol1 2.0.41-1 SELinux library for manipulating b ii policycoreutils 2.0.82-3 SELinux core policy utilities ii python 2.6.6-3+squeeze4 interactive high-level object-orie Versions of packages selinux-policy-default recommends: ii checkpolicy 2.0.22-1 SELinux policy compiler ii setools 3.3.6.ds-7.2+b1 tools for Security Enhanced Linux Versions of packages selinux-policy-default suggests: pn logcheck <none> (no description available) pn syslog-summary <none> (no description available) -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
