Cacti (home)ForumsRepositoryDocumentation
Cacti: offical forums and support  

 FAQFAQ   SearchSearch   MemberlistMemberlist    RegisterRegister   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in    


SELinux & FC4

 
Post new topic   Reply to topic    Cacti Forum Index -> Help: Linux/Unix Specific
Author Message
NealC



Joined: 12 Jun 2006
Posts: 2
PostPosted: Mon Jun 12, 2006 6:53 am    Post subject: SELinux & FC4 Reply with quote
Apropos SELinux and broken graph images.

OK, some good threads regarding SElinux and Cacti on FC3 (http://forums.cacti.net/viewtopic.php?t=7759) and FC5 (http://forums.cacti.net/about12694.html). However, I had to use a slighlty different procedure for FC4, so I thought I'd post it here in case anyone else finds it useful.


First, I had to install the SELinux policy sources:
Code:
yum install selinux-policy-targeted-sources


Next, I had to pipe the errors into audti2allow:
Code:
cat /var/log/audit/audit.log | audit2allow

which gave me:
Code:
allow httpd_sys_script_t httpd_sys_content_t:lnk_file read;
allow httpd_sys_script_t var_lib_t:file { getattr read };
allow httpd_t var_log_t:file { append getattr };


Then, I cut and pasted these lines from the terminal into /etc/selinux/targeted/src/policy/domains/misc/local.te.

Then, from /etc/selinux/targeted/src/policy/ I ran:
Code:
make reload
(I've no idea if you actually have to be in that directory though...)

Finally, I restarted httpd. Happilly, I now have graphs appearing in my browser

Being fairly new to Linux, and a complete noob with SELinux and Cacti, this took me about 3 days Hopefully this will save someone else a bit of time.

Thanks to mshook and rony for the above 2 posts from which I finally cobbled my solution togethor - easy when you know how, huh?
Back to top
rony
Developer/Forum Admin


Joined: 17 Nov 2003
Posts: 5447
Location: Wisconsin, USA
PostPosted: Mon Jun 12, 2006 3:34 pm    Post subject: Reply with quote
I have been meaning to figure this stuff out the correct degree, but I haven't had time. So I just typically switch it to non-enforcing..
Back to top
NealC



Joined: 12 Jun 2006
Posts: 2
PostPosted: Mon Jun 12, 2006 4:10 pm    Post subject: Reply with quote
I very nearly did disable/switch profile for SELinux...but being a live box, I didn't want to reboot it...

Also, being rather paranoid, I'd rather keep any security measures I can in place.

I hope you don't take my post as a slight - I am very grateful for the information you have posted, just thought some else (like me) may appreciate a 'quick n easy' guide - I know thats what I was looking for !

Thanks again
Back to top
rony
Developer/Forum Admin


Joined: 17 Nov 2003
Posts: 5447
Location: Wisconsin, USA
PostPosted: Mon Jun 12, 2006 7:31 pm    Post subject: Reply with quote
I did not take it as a slight, as I don't know much about how to configure SELinux.. I will copy this into the SElinux sticky.
Back to top
Display posts from previous:   
Post new topic   Reply to topic    Cacti Forum Index -> Help: Linux/Unix Specific All times are GMT - 5 Hours
Page 1 of 1

 



Powered by phpBB © 2001, 2005 phpBB Group