Re: [CentOS] SELInux conflict with Postfixadmin
On 02/21/2017 12:06 PM, Daniel J Walsh wrote:
On 02/21/2017 11:52 AM, Robert Moskowitz wrote:
On 02/21/2017 11:46 AM, Zdenek Sedlak wrote:
On 2017-02-21 17:30, Robert Moskowitz wrote:
postfixadmin setup.php is claiming:
*Error: Smarty template compile directory templates_c is not writable.*
*Please make it writable.*
*If you are using SELinux or AppArmor, you might need to adjust their
setup to allow write access.*
This goes away with 'setenforce 0', so it is an SELinux issue. I have
tried both:
restorecon -Rv /usr/share/postfixadmin
and
chcon -R -t httpd_sys_content_t /usr/share/postfixadmin
and they are not the problem. Googling this message doe snot produce
any SELinux advice.
Any ideas?
thanks
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Hi,
after 'setenforce 0' check the /var/log/audit/audit.log:
# grep /var/log/audit/audit.log | audit2why
Don't I need a search string in that grep command?
to see where the problem could be.
Anyway the last three entries are:
type=AVC msg=audit(1487695678.704:128): avc: denied { write } for
pid=2055 comm="httpd" name="templates_c" dev="sda3" ino=786958
scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
permissive=1
If you want to allow apache processes to write to the templates_c
directory you need to label it httpd_sys_content_rw_t.
Thanks!
I undid the httpd_unified with:
setsebool -P httpd_unified 0
Then did
chcon -R -t httpd_sys_content_rw_t /usr/share/postfixadmin/templates_c
And SELinux appears to be happy.
type=SYSCALL msg=audit(1487695678.704:128): arch=4028 syscall=33
per=80 success=yes exit=0 a0=813c3ed0 a1=2 a2=0 a3=0 items=0
ppid=2053 pid=2055 auid=4294967295 uid=48 gid=48 euid=48 suid=48
fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295
comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0
key=(null)
type=PROCTITLE msg=audit(1487695678.704:128):
proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELInux conflict with Postfixadmin
On 02/21/2017 11:52 AM, Robert Moskowitz wrote:
>
>
> On 02/21/2017 11:46 AM, Zdenek Sedlak wrote:
>> On 2017-02-21 17:30, Robert Moskowitz wrote:
>>> postfixadmin setup.php is claiming:
>>>
>>> *Error: Smarty template compile directory templates_c is not writable.*
>>> *Please make it writable.*
>>> *If you are using SELinux or AppArmor, you might need to adjust their
>>> setup to allow write access.*
>>>
>>>
>>> This goes away with 'setenforce 0', so it is an SELinux issue. I have
>>> tried both:
>>>
>>> restorecon -Rv /usr/share/postfixadmin
>>>
>>> and
>>>
>>> chcon -R -t httpd_sys_content_t /usr/share/postfixadmin
>>>
>>> and they are not the problem. Googling this message doe snot produce
>>> any SELinux advice.
>>>
>>> Any ideas?
>>>
>>> thanks
>>>
>>> ___
>>> CentOS mailing list
>>> CentOS@centos.org
>>> https://lists.centos.org/mailman/listinfo/centos
>> Hi,
>>
>> after 'setenforce 0' check the /var/log/audit/audit.log:
>>
>> # grep /var/log/audit/audit.log | audit2why
>
> Don't I need a search string in that grep command?
>
>> to see where the problem could be.
>
> Anyway the last three entries are:
>
> type=AVC msg=audit(1487695678.704:128): avc: denied { write } for
> pid=2055 comm="httpd" name="templates_c" dev="sda3" ino=786958
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
> permissive=1
>
If you want to allow apache processes to write to the templates_c
directory you need to label it httpd_sys_content_rw_t.
> type=SYSCALL msg=audit(1487695678.704:128): arch=4028 syscall=33
> per=80 success=yes exit=0 a0=813c3ed0 a1=2 a2=0 a3=0 items=0
> ppid=2053 pid=2055 auid=4294967295 uid=48 gid=48 euid=48 suid=48
> fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295
> comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0
> key=(null)
>
> type=PROCTITLE msg=audit(1487695678.704:128):
> proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELInux conflict with Postfixadmin
On 02/21/2017 11:46 AM, Zdenek Sedlak wrote:
On 2017-02-21 17:30, Robert Moskowitz wrote:
postfixadmin setup.php is claiming:
*Error: Smarty template compile directory templates_c is not writable.*
*Please make it writable.*
*If you are using SELinux or AppArmor, you might need to adjust their
setup to allow write access.*
This goes away with 'setenforce 0', so it is an SELinux issue. I have
tried both:
restorecon -Rv /usr/share/postfixadmin
and
chcon -R -t httpd_sys_content_t /usr/share/postfixadmin
and they are not the problem. Googling this message doe snot produce
any SELinux advice.
Any ideas?
thanks
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Hi,
after 'setenforce 0' check the /var/log/audit/audit.log:
# grep /var/log/audit/audit.log | audit2why
Don't I need a search string in that grep command?
to see where the problem could be.
Anyway the last three entries are:
type=AVC msg=audit(1487695678.704:128): avc: denied { write } for
pid=2055 comm="httpd" name="templates_c" dev="sda3" ino=786958
scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
permissive=1
type=SYSCALL msg=audit(1487695678.704:128): arch=4028 syscall=33
per=80 success=yes exit=0 a0=813c3ed0 a1=2 a2=0 a3=0 items=0
ppid=2053 pid=2055 auid=4294967295 uid=48 gid=48 euid=48 suid=48
fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd"
exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1487695678.704:128):
proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELInux conflict with Postfixadmin
On 02/21/2017 11:46 AM, Zdenek Sedlak wrote:
On 2017-02-21 17:30, Robert Moskowitz wrote:
postfixadmin setup.php is claiming:
*Error: Smarty template compile directory templates_c is not writable.*
*Please make it writable.*
*If you are using SELinux or AppArmor, you might need to adjust their
setup to allow write access.*
This goes away with 'setenforce 0', so it is an SELinux issue. I have
tried both:
restorecon -Rv /usr/share/postfixadmin
and
chcon -R -t httpd_sys_content_t /usr/share/postfixadmin
and they are not the problem. Googling this message doe snot produce
any SELinux advice.
Any ideas?
thanks
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Hi,
after 'setenforce 0' check the /var/log/audit/audit.log:
# grep /var/log/audit/audit.log | audit2why
to see where the problem could be.
Playing around a little with this, I added templates_c as the grep
string and got:
type=AVC msg=audit(1487695678.704:128): avc: denied { write } for
pid=2055 comm="httpd" name="templates_c" dev="sda3" ino=786958
scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
permissive=1
Was caused by:
The boolean httpd_unified was set incorrectly.
Description:
Allow httpd to unified
Allow access by executing:
# setsebool -P httpd_unified 1
So I tried that, and the error went away. Going to have to add
audit2why in my notes.
thanks
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELInux conflict with Postfixadmin
On 2017-02-21 17:30, Robert Moskowitz wrote: > postfixadmin setup.php is claiming: > > *Error: Smarty template compile directory templates_c is not writable.* > *Please make it writable.* > *If you are using SELinux or AppArmor, you might need to adjust their > setup to allow write access.* > > > This goes away with 'setenforce 0', so it is an SELinux issue. I have > tried both: > > restorecon -Rv /usr/share/postfixadmin > > and > > chcon -R -t httpd_sys_content_t /usr/share/postfixadmin > > and they are not the problem. Googling this message doe snot produce > any SELinux advice. > > Any ideas? > > thanks > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos Hi, after 'setenforce 0' check the /var/log/audit/audit.log: # grep /var/log/audit/audit.log | audit2why to see where the problem could be. //Zdenek ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] SELInux conflict with Postfixadmin
postfixadmin setup.php is claiming: *Error: Smarty template compile directory templates_c is not writable.* *Please make it writable.* *If you are using SELinux or AppArmor, you might need to adjust their setup to allow write access.* This goes away with 'setenforce 0', so it is an SELinux issue. I have tried both: restorecon -Rv /usr/share/postfixadmin and chcon -R -t httpd_sys_content_t /usr/share/postfixadmin and they are not the problem. Googling this message doe snot produce any SELinux advice. Any ideas? thanks ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
