Fedora Linux Support Community & Resources Center
  #1  
Old 29th July 2009, 05:13 PM
AndP Offline
Registered User
 
Join Date: Jul 2009
Posts: 16
SELinux Troubleshooting Not Helpful

I've been impressed yet frustrated with SELinux since setting this machine up, and have been slowly working through allowing all of the things that need to be allowed as they come up

The situation is as follow:

The user that Apache is on owns the folder it is trying to create a file in
The user that Apache is on has the folder that it is trying to create a file in, set as its home directory
The context of the folder is public_content_t - changed to this to allow FTP access which now works

SELinux is disallowing Apache to create the file, but never gives a reason for this. Instead it advises that I might wish to change the folders context back to its default (httpd_sys_content_t), and gives a command to do so

This is clearly not the solution to the problem, as stopping the folder being public content will stop FTP from working again, however SELinux hasn't actually told me what the problem is

In an effort to convince it to divulge the actual issue at hand, the reason why access was denied, I attempted to change the default context for the folder to public_content_t to match its current context, hence denying SELinux any reason to prompt the difference in contexts as a solution

However, SELinux gave no command for making this change, so I attempted to construct one myself based on past experience and previous SELinux troubleshooting messages, although Terminal took the command and executed it without issue, clearly the default contexts remained unchanged as SElinux persisted in showing me the same useless Troubleshooting message

I will state again that I have been very happy (though frustrated) with SELinux thus far, but I'm not impressed with this troubleshooting message, the fact that it assumes that its perfered solution is the only and best one is both wrong and arrogant, and the fact that it never gives the real reason is just stupid. This is staying very close to Microsuck's level of unhelpfulness

Does anyone know a way to get SELinux to tell me what the actual problem is, so that I can look for a solution that better suits my needs? Or failing that a command line that actually will set the default context of the folder so that I can take the first step to finding out myself?

While we're on the general subject what is SELinux for "Thats how I want it set up so shut up and sit in the corner"? Because it keeps complaining that I've used folders in too many policies or some crap that I frankly just don't care about
Reply With Quote
  #2  
Old 29th July 2009, 09:22 PM
markkuk Offline
Registered User
 
Join Date: Apr 2005
Location: Finland
Posts: 5,075
linuxfirefox
You must set the context to public_content_rw_t and set the allow_httpd_anon_write boolean to 1 to allow writing. Public_content_t allows only reading. See "man httpd_selinux".
Reply With Quote
  #3  
Old 30th July 2009, 11:49 AM
AndP Offline
Registered User
 
Join Date: Jul 2009
Posts: 16
linuxfedorafirefox
Thanks, I have this working now
Reply With Quote
Reply

Tags
helpful, selinux, troubleshooting

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
I really need some helpful ppl to pull out a win right now darkskye Using Fedora 2 10th March 2008 08:48 PM
That darn helpful Thunderbird tashirosgt Using Fedora 3 30th January 2005 04:07 AM
Most helpful I've seen: FC2/FC3 jerrybasham Links 1 27th January 2005 10:12 PM


Current GMT-time: 04:28 (Saturday, 30-08-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat