Hi,
I'm testing httpd with SELinux in enforcing mode.
When starting httpd with default config I see this:
# service httpd start
httpd starten: httpd: apr_sockaddr_info_get() failed for wwwtest.xxx
httpd: Could not reliably determine the server's fully qualified domain
name, using 127.0.0.1 for ServerName [ OK]
With further investigation:
host=wwwtest.xxx type=AVC msg=audit(1316185060.545:463): avc: denied {
read } for pid=23381 comm="httpd" name="resolv.conf" dev=sda2
ino=574037 scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=file
host=wwwtest.xxx type=SYSCALL msg=audit(1316185060.545:463):
arch=c000003e syscall=2 success=no exit=-13 a0=2ab98db308e8 a1=0 a2=1b6
a3=0 items=0 ppid=23380 pid=23381 auid=502 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=23 comm="httpd"
exe="/usr/sbin/httpd" subj=user_u:system_r:httpd_t:s0 key=(null)
But why is restorecon failing?
# ls -Z /etc/resolv.conf
-rw-r--r-- root root system_u:object_r:file_t /etc/resolv.conf
# restorecon -v /etc/resolv.conf
restorecon set context /etc/resolv.conf->system_u:object_r:net_conf_t:s0
failed:'Operation not permitted'
I found various hints about hardlinks to resolv.conf preventing it, but
there are none...
# find / -xdev -samefile /etc/resolv.conf
/etc/resolv.conf
Thx
Rainer
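
Added example, not part of the original message: a small Python parser that reads the AVC record quoted above and compares the type of the denied object with the type restorecon tried to set. The function names are hypothetical, and the input strings are constructed from the two outputs in the post.

```python
import re

# Constructed input: the AVC record and the restorecon line from the post,
# hard-wrapped the way a mail client would wrap them.
AVC_RECORD = """host=wwwtest.xxx type=AVC msg=audit(1316185060.545:463): avc: denied {
read } for pid=23381 comm="httpd" name="resolv.conf" dev=sda2
ino=574037 scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:object_r:file_t:s0 tclass=file"""
RESTORECON_LINE = """restorecon set context /etc/resolv.conf->system_u:object_r:net_conf_t:s0
failed:'Operation not permitted'"""

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":", 3)  # the level itself may contain colons
    if len(parts) < 3:
        raise ValueError("not a security context: %r" % context)
    return parts[2]

def parse_avc(record):
    """Parse one (possibly line-wrapped) type=AVC audit record into a dict."""
    flat = " ".join(record.split())  # undo hard wrapping
    verdict = re.search(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}", flat)
    if "type=AVC" not in flat or verdict is None:
        raise ValueError("not an AVC record")
    # key=value pairs; values are either "quoted" or run to the next space
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', flat)}
    return {
        "result": verdict.group(1),
        "perms": verdict.group(2).split(),
        "comm": fields.get("comm"),
        "name": fields.get("name"),
        "tclass": fields.get("tclass"),
        "source_type": context_type(fields["scontext"]),
        "target_type": context_type(fields["tcontext"]),
    }

def label_mismatch(avc, restorecon_line):
    """Return (current_type, wanted_type) if the denied object's type differs
    from the context restorecon tried to set, else None."""
    wanted = re.search(r"->(\S+)", " ".join(restorecon_line.split()))
    if wanted is None:
        raise ValueError("no '->context' in restorecon output")
    wanted_type = context_type(wanted.group(1))
    current = avc["target_type"]
    return (current, wanted_type) if current != wanted_type else None
```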