Setting setenforce 0 is only active for the current running session of the server. The problem will be back after the reboot. While it is fine to do that temporarily to see if SELinux is the thing blocking, it is generally very bad to use that to solve the problem, and you definitely wouldn't want to have it like that on a production environment.

I have been getting more and more frustrated with SELinux "silently" blocking things. I really need to take some time and understand how to properly make use of it and work with it. Command restorecon can be a life saver. Look up how to use it.

A good quote from another forum. It is about an apache cgi script but the SELinux stuff is very relevant:

It is a security risk that someone could alter the script and do something you didn't intend as root. I would suggest *at*most* setting "SELINUX=permissive" in /etc/selinux/config. Then you'll still have a log of all the things that shouldn't have happened, if you ever need to look.

A better option would be to extract the AVC denials from the log file and run them through audit2allow to create a policy you could incorporate into the running SELinux policy. Do that as often as you need to address all the denials that are stopping your script from working.

The best option is, as other posters have suggested, figure out why your application architecture is screwed up so much that it only works if it runs as root, then fix it.

SELinux basically fulfills two security functions. It stops bad people from doing bad things, and it stops foolish people from doing stupid things. Sometimes it needs tuning, but if you just shut it off, it can't do anything for you.

On Tue, Sep 14, 2010 at 3:44 AM, ha do <[email protected]> wrote:
> if someone else got the same problem with me, to solve the issue please
> follow
> the link
>
> http://lists.opensips.org/pipermail/users/2010-June/013139.html
>
> Thank you
> Ha`
>
> ----- Original Message ----
> From: ha do <[email protected]>
> To: OpenSIPS <[email protected]>
> Sent: Tue, September 14, 2010 11:12:47 AM
> Subject: [OpenSIPS-Users] get error with opensip-cp on centos 5
>
> Hi all
>
> i try to use the opensips-cp 4:
> i login the the web page http://192.168.1.100/cp successfull
>
> the menu Admin + User are working properly
> but the system menu does not work
> i get the error on the webpage:
>
> sorry -- cannot open write fifo
>
> and this is the error in debug message :
> Sep 14 00:10:42 localhost kernel: type=1400 audit(1284437442.630:49): avc:
> denied { getattr } for pid=2093 comm="httpd" path="/tmp/opensips_fifo"
> dev=dm-0 ino=884744 scontext=root:system_r:httpd_t:s0
> tcontext=root:object_r:tmp_t:s0 tclass=fifo_file
>
> i did set fifo_mode, 0666 in opensips.cfg
>
> please help,what should i do to resolve problem
>
> Thank you
> Ha`
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
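
The AVC denial quoted in the thread can be split into its fields and grouped before deciding between fixing the file's label and building an audit2allow module. The following Python is an added example, not part of the original messages; the second log line is constructed, and the GENERIC_TYPES heuristic and all function names are assumptions made for this illustration.

```python
import re

# First line: the denial quoted in the thread, joined onto one line.
# Second line: constructed for this example to show permissions being merged.
SAMPLE_LOG = """\
Sep 14 00:10:42 localhost kernel: type=1400 audit(1284437442.630:49): avc: denied { getattr } for pid=2093 comm="httpd" path="/tmp/opensips_fifo" dev=dm-0 ino=884744 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:tmp_t:s0 tclass=fifo_file
Sep 14 00:10:43 localhost kernel: type=1400 audit(1284437443.101:50): avc: denied { write open } for pid=2093 comm="httpd" path="/tmp/opensips_fifo" dev=dm-0 ino=884744 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:tmp_t:s0 tclass=fifo_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption: a target with one of these broad types points at a labelling
# question (where the file lives, what type it should carry) to review first.
GENERIC_TYPES = {"tmp_t", "default_t", "unlabeled_t"}

def context_type(ctx):
    """SELinux contexts are user:role:type[:level]; return the type field."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return the fields of one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated or malformed record
    fields["perms"] = m.group("perms").split()
    fields["stype"] = context_type(fields["scontext"])
    fields["ttype"] = context_type(fields["tcontext"])
    return fields

def summarize(log_text):
    """Group denials by (source type, target type, class), merging permissions."""
    groups = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["stype"], rec["ttype"], rec["tclass"])
        g = groups.setdefault(key, {"perms": set(), "paths": set(),
                                    "generic_target": rec["ttype"] in GENERIC_TYPES})
        g["perms"].update(rec["perms"])
        if "path" in rec:
            g["paths"].add(rec["path"])
    return groups

if __name__ == "__main__":
    for (s, t, c), g in summarize(SAMPLE_LOG).items():
        print(f"{s} -> {t}:{c} perms={sorted(g['perms'])} paths={sorted(g['paths'])} generic_target={g['generic_target']}")
```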
