SElinux and FC5

[mshook]

I just got asked about how to fix the SELinux stuff when using FC5. To make the story short, the fedora people switched to the reference policy for FC5 making the previous instructions useless.

So in a nutshell, to solve these pesky selinux error messages, read the audit2allow man page (especially the EXAMPLE section).

If you're lazy, just follow this (just a cut'n'paste from the man page):

Using audit2allow to generate module policy

$ cat /var/log/audit/audit.log | audit2allow -m local > local.te

<review local.te and customize as desired>

Building module policy manually

# Compile the module
$ checkmodule -M -m -o local.mod local.te
# Create the package
$ semodule_package -o local.pp -m local.mod
# Load the module into the kernel
$ semodule -i local.pp

Note that you might have to do this a couple of times before getting it right (because each time you fix a permission issue, there might be chances new ones will arise).

- Mathieu

[bdbrumm]

After PHP is installed in a source build in FC6, I received the following message when trying to start Apache2:

vc: denied { execmod } for pid=1882 comm="httpd" name="libphp5.so" dev=dm-0 ino=983170 scontext=system_u:system_r:initrc_t:s0 tcontext=root:object_r:usr_t:s0 tclass=file

To correct this issue, I executed the following commands:

yum install checkpolicy
dmesg | grep audit | audit2allow -M local
semodule -i local.pp

reboot

Perhaps the thread below could be updated with the information above and in the previous post.
http://forums.cacti.net/viewtopic.php?t=7759