Is anyone running RT on a box with SELinux (ES4 in my case)?
Everything's been going peachy until for some reason yesterday
things got mucked up on /dev/log and now apache/RT cannot log
to syslog, which means several functions like merging are currently
inaccessible. Anybody happen to know what the proper context is
for that file? It's currently: system_u:object_r:devlog_t and the
errors I'm getting are:
#Pre- restorecon
Nov 9 19:30:25 rt kernel: audit(1226277025.460:207): avc: denied {
write } for pid=6378 comm="httpd.worker" name="log" dev=tmpfs
ino=32795 scontext=user_u:system_r:httpd_t
tcontext=root:object_r:device_t tclass=sock_file
#Post- restorecon
Nov 9 20:23:25 rt kernel: audit(1226280205.215:999): avc: denied {
sendto } for pid=6873 comm="httpd.worker" name="log"
scontext=user_u:system_r:httpd_t tcontext=root:system_r:unconfined_t
tclass=unix_dgram_socket
I've found a few pages online with hints on how I might be able to fix
this, but none use chcon and instead require modifying system policies
to add:
allow httpd_t device_t:sock_file write;
allow httpd_t unconfined_t:unix_dgram_socket sendto;
Which I cannot do as the necessary tools are not installed
(and the package manager is currently out of commission).
--
Cambridge Energy Alliance: Save money. Save the planet.
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
