Re: [CentOS] selinux policy and httpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/21/2012 08:05 AM, mark wrote: > On 11/21/12 05:17, Daniel J Walsh wrote: >> On 11/20/2012 03:56 PM, m.r...@5-cent.us wrote: >>> I upgraded a development server last week, and it started spewing >>> selinux errors to the log. I googled. What finally *seems* to have >>> stopped it was a) setsebool -P httpd_setrlimit 1 b) yum downgrade >>> selinux-policy\* >>> >>> This is on a 6.3 box. Has anyone else seen this behaviour? >>> >> I would doubt you needed to downgrade the policy. I would figure you got >> a new version of apache or some application that was requiring httpd to >> setrlimit. > > You mean *all* that garbage was because setrlimit needed to be set? If so, > I would have expected the installation or upgrade of the package to do that > in the postinstall. > > Thanks. > > mark I have no idea what happened to cause the problem. But I do know that selinux-policy releases always loosen policy on minor releases. Since there is no tightening of selinux-policy I don't see where upgrading or downgrading policy would suddenly cause apache to want to setrlimit. Other packages within the same update like potentially the kernel, httpd or perhaps the apps you are running in httpd could have caused it. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlCs2hoACgkQrlYvE4MpobOzvwCcDIym/Y54c6WvO+S0mbohLTib ayYAn1hVBkjVEJwqNyxWwNxa+IhaMlx3 =Y4bP -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux policy and httpd
tried to install a new centos6.3 and apache. No luck to reproduce what you've been through. Don't know what the error is you had but I dont get any error from my log files. Banyan He Blog: http://www.rootong.com Email: ban...@rootong.com On 2012-11-21 9:08 PM, mark wrote: > On 11/21/12 00:55, Banyan He wrote: >> On 2012-11-21 4:56 AM, m.r...@5-cent.us wrote: >>> I upgraded a development server last week, and it started spewing selinux >>> errors to the log. I googled. What finally *seems* to have stopped it was >>> a) setsebool -P httpd_setrlimit 1 >>> b) yum downgrade selinux-policy\* >>> >>> This is on a 6.3 box. Has anyone else seen this behaviour? > > what's the error? How do you produce it? > > 1. Please don't top post. > 2. I'm an admin these days, not a developer. I don't "produce" it, > someone's presumably doing something, and I see the logs fill up. I > haven't dug down into what's doing it; I'm perplexed as to why it's > suddenly happening. > > Dan Walsh suggests I may have only needed to set the boolean; if that's > the case, then I question why the upgrade of the package didn't do that. > > mark > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux policy and httpd
On 11/21/12 00:55, Banyan He wrote: > On 2012-11-21 4:56 AM, m.r...@5-cent.us wrote: >> I upgraded a development server last week, and it started spewing selinux >> errors to the log. I googled. What finally *seems* to have stopped it was >> a) setsebool -P httpd_setrlimit 1 >> b) yum downgrade selinux-policy\* >> >> This is on a 6.3 box. Has anyone else seen this behaviour? > what's the error? How do you produce it? 1. Please don't top post. 2. I'm an admin these days, not a developer. I don't "produce" it, someone's presumably doing something, and I see the logs fill up. I haven't dug down into what's doing it; I'm perplexed as to why it's suddenly happening. Dan Walsh suggests I may have only needed to set the boolean; if that's the case, then I question why the upgrade of the package didn't do that. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux policy and httpd
On 11/21/12 05:17, Daniel J Walsh wrote: > On 11/20/2012 03:56 PM, m.r...@5-cent.us wrote: >> I upgraded a development server last week, and it started spewing selinux >> errors to the log. I googled. What finally *seems* to have stopped it was >> a) setsebool -P httpd_setrlimit 1 b) yum downgrade selinux-policy\* >> >> This is on a 6.3 box. Has anyone else seen this behaviour? >> > I would doubt you needed to downgrade the policy. I would figure you got a > new version of apache or some application that was requiring httpd to > setrlimit. You mean *all* that garbage was because setrlimit needed to be set? If so, I would have expected the installation or upgrade of the package to do that in the postinstall. Thanks. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux policy and httpd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/20/2012 03:56 PM, m.r...@5-cent.us wrote: > I upgraded a development server last week, and it started spewing selinux > errors to the log. I googled. What finally *seems* to have stopped it was > a) setsebool -P httpd_setrlimit 1 b) yum downgrade selinux-policy\* > > This is on a 6.3 box. Has anyone else seen this behaviour? > > mark > > ___ CentOS mailing list > CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos > I would doubt you needed to downgrade the policy. I would figure you got a new version of apache or some application that was requiring httpd to setrlimit. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlCsqiMACgkQrlYvE4MpobNEEgCgozkSWyv8NV0MmsLjc9+KQN32 3MoAn14eIuejHZScm5WeoCHszA3J8L97 =qvc4 -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux policy and httpd
what's the error? How do you produce it? Banyan He Blog: http://www.rootong.com Email: ban...@rootong.com On 2012-11-21 4:56 AM, m.r...@5-cent.us wrote: > I upgraded a development server last week, and it started spewing selinux > errors to the log. I googled. What finally *seems* to have stopped it was > a) setsebool -P httpd_setrlimit 1 > b) yum downgrade selinux-policy\* > > This is on a 6.3 box. Has anyone else seen this behaviour? > >mark > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux policy and httpd
On 20/11/12 20:56, m.r...@5-cent.us wrote: > I upgraded a development server last week, and it started spewing selinux > errors to the log. I googled. What finally *seems* to have stopped it was > a) setsebool -P httpd_setrlimit 1 > b) yum downgrade selinux-policy\* > > This is on a 6.3 box. Has anyone else seen this behaviour? > >mark > No. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
