To the professionals who work with Review Board

I'm eager to get started with Review Board, but it's not working out of the 
box. I have Fedora 20 installed, with RB 1.7.26 with httpd 2.4.10.

I can only work ReviewBoard if I turn off selinux, i.e. "setenforce off." 
We cannot do this on production.

Here are the audit logs associated with accessing review board. Note 
there's more than just httpd in this mix, but also memcached. What access 
rights am I missing?

type=AVC msg=audit(1408653306.680:2131): avc:  denied  { name_connect } 
for  pid=17402 comm="httpd" dest=11211 
scontext=system_u:system_r:httpd_t:s0 
tcontext=system_u:object_r:memcache_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1408653306.680:2131): arch=c000003e syscall=42 
success=no exit=-13 a0=e a1=7fffbe2e0db0 a2=10 a3=7f80d17c79c8 items=0 
ppid=17356 pid=17402 auid=4294967295 uid=1152 gid=100 euid=1152 suid=1152 
fsuid=1152 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 
comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 
key=(null)
type=PROCTITLE msg=audit(1408653306.680:2131): 
proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=AVC msg=audit(1408653306.803:2132): avc:  denied  { write } for  
pid=17402 comm="httpd" name="data" dev="dm-8" ino=260102 
scontext=system_u:system_r:httpd_t:s0 
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1408653306.803:2132): arch=c000003e syscall=21 
success=no exit=-13 a0=7f80d63eb990 a1=2 a2=7f80c6223f88 a3=0 items=0 
ppid=17356 pid=17402 auid=4294967295 uid=1152 gid=100 euid=1152 suid=1152 
fsuid=1152 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 
comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 
key=(null)
type=PROCTITLE msg=audit(1408653306.803:2132): 
proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=AVC msg=audit(1408653306.803:2133): avc:  denied  { write } for  
pid=17402 comm="httpd" name="data" dev="dm-8" ino=260102 
scontext=system_u:system_r:httpd_t:s0 
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1408653306.803:2133): arch=c000003e syscall=21 
success=no exit=-13 a0=7f80d65442c0 a1=2 a2=7f80c6223f88 a3=0 items=0 
ppid=17356 pid=17402 auid=4294967295 uid=1152 gid=100 euid=1152 suid=1152 
fsuid=1152 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 
comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 
key=(null)
type=PROCTITLE msg=audit(1408653306.803:2133): 
proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=AVC msg=audit(1408653306.803:2134): avc:  denied  { write } for  
pid=17402 comm="httpd" name="ext" dev="dm-8" ino=260116 
scontext=system_u:system_r:httpd_t:s0 
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1408653306.803:2134): arch=c000003e syscall=21 
success=no exit=-13 a0=7f80d5c39120 a1=2 a2=7f80c6223f88 a3=0 items=0 
ppid=17356 pid=17402 auid=4294967295 uid=1152 gid=100 euid=1152 suid=1152 
fsuid=1152 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 
comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 
key=(null)
type=PROCTITLE msg=audit(1408653306.803:2134): 
proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
type=AVC msg=audit(1408653306.803:2135): avc:  denied  { write } for  
pid=17402 comm="httpd" name="ext" dev="dm-8" ino=260116 
scontext=system_u:system_r:httpd_t:s0 
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1408653306.803:2135): arch=c000003e syscall=21 
success=no exit=-13 a0=7f80d5c39120 a1=2 a2=7f80c6223f88 a3=0 items=0 
ppid=17356 pid=17402 auid=4294967295 uid=1152 gid=100 euid=1152 suid=1152 
fsuid=1152 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 
comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 
key=(null)
type=PROCTITLE msg=audit(1408653306.803:2135): 
proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44

-- 
Get the Review Board Power Pack at http://www.reviewboard.org/powerpack/
---
Sign up for Review Board hosting at RBCommons: https://rbcommons.com/
---
Happy user? Let us know at http://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to