yum install setroubleshoot-server.noarch setroubleshoot.noarch
Allow Apache to listen on a different port, then list the ports SELinux allows:
semanage port -a -t http_port_t -p tcp 81
semanage port -l
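SELinux also prevents mysqld from starting after /var/lib/mysql is relocated to /home/mysql, so the new directory has to be relabelled. Labels set with chcon are lost on a full filesystem relabel; `semanage fcontext -a -t TYPE "/home/mysql(/.*)?"` followed by `restorecon -R /home/mysql` makes them persistent. The stock policy labels the /var/lib/mysql data directory mysqld_db_t, while mysqld_var_run_t is meant for the PID/socket directory, which is probably why the create denial below still occurs: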
chcon -R -t mysqld_var_run_t /home/mysql
ll -Z .
-rw-rw---- mysql mysql user_u:object_r:mysqld_var_run_t ibdata1
-rw-rw---- mysql mysql user_u:object_r:mysqld_var_run_t ib_logfile0
-rw-rw---- mysql mysql user_u:object_r:mysqld_var_run_t ib_logfile1
drwx------ mysql mysql user_u:object_r:mysqld_var_run_t mysql
drwx------ mysql mysql user_u:object_r:mysqld_var_run_t test
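Allow mysqld to use /home/mysql by building a local policy module from the logged denial. audit2allow permits whatever was denied, so read the generated local.te before loading local.pp, and prefer fixing the file label when the denial comes from a mislabelled path: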
# cat /tmp/avc
host=tortoise type=AVC msg=audit(1221459330.317:413): avc: denied { create } for pid=7642 comm="mysqld" name="forum_db" scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=dir
# audit2allow -M local < /tmp/avc
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i local.pp
# semodule -i local.pp
#audit2allow -M local -i /var/log/audit/audit.log
If httpd is denied access to its content, change the files' type to httpd_sys_content_t:
chcon -R -t httpd_sys_content_t /var/www/html/