Hi Chris, Jim, I've received the following response from the selinux maillist:
There is no longer a selinux-policy-<targeted/strict/mls>-sources RPM
available in FC5. All Policies are build from a selinux-policy.srpm
package, which contains all of the policy source files.
Happy Day.
Thorsten
Apparently the sources are not available in FC5. The context of the files is the one you wrote: httpd_sys_script_exec_t, in the cgis and also on the configuration files. The cgis are executed, but aren't able to read the objects configuration. I'm appending the list of the directories requested and a part of the syslog related to AVC. Thanks in advance!
MFC
[EMAIL PROTECTED] nagios]# ls --context /usr/lib/nagios/cgi-bin/
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t avail.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t cmd.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t config.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t extinfo.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t histogram.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t history.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t notifications.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t outages.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t showlog.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t status.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t statusmap.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t statuswml.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t statuswrl.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t summary.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t tac.cgi
-rwxr-xr-x root root system_u:object_r:httpd_sys_script_exec_t trends.cgi
[EMAIL PROTECTED] nagios]# ls --context
-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t bigger.cfg-sample
-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t cgi.cfg
-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t cgi.cfg-sample
-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t checkcommands.cfg
-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t checkcommands.cfg-sample
-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t contactgroups.cfg
-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t contacts.cfg
-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t hostgroups.cfg
-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t hosts.cfg
-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t htpasswd.users
-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t minimal.cfg-sample
-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t misccommands.cfg
-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t misccommands.cfg-sample
-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t nagios.cfg
-rw-rw-r-- root root system_u:object_r:httpd_sys_script_exec_t nagios.cfg-sample
drwxr-x--- root root system_u:object_r:httpd_sys_script_exec_t private
-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t services.cfg
-rw-r--r-- root root system_u:object_r:httpd_sys_script_exec_t timeperiods.cfg
[EMAIL PROTECTED] nagios]# ls --context private/
-rw-r----- root root system_u:object_r:httpd_sys_script_exec_t resource.cfg
-rw-r----- root root system_u:object_r:httpd_sys_script_exec_t resource.cfg-sample
audit(1151073510.912:1650): avc: denied { read } for pid=7942 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
audit(1151073601.054:1651): avc: denied { read } for pid=7999 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
audit(1151073696.660:1652): avc: denied { read } for pid=8037 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
audit(1151073787.393:1653): avc: denied { read } for pid=8067 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
audit(1151073877.523:1654): avc: denied { read } for pid=8108 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
audit(1151073967.653:1655): avc: denied { read } for pid=8203 comm="status.cgi" name="objects.cache" dev=dm-0 ino=98630 scontext=root:system_r:httpd_sys_script_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
