[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SELinux denies write to socket file



I read through the Bugzilla ticket.  It looks like you and the reporter
came up with a good solution.

Maybe we can talk through some of the magic that seems to be involved in
making SELinux happy at the meeting tomorrow.  :-)

On Sun, Dec 02, 2018 at 06:50:45PM +0000, Andrew Bauer wrote:
> I have to admit. I've never really used selinux, and I shamelessly disable it when it "gets in my way". You know what they say, though. Admittance is the first stage on the road to recovery.
> 
> Anyways, I've got this package, fcgiwrap, that just reached stable in Fedora. Someone has just filed a bug report stating nginx cannot write to the fcgiwrap socket file. Makes sense I guess.... how is SELinux to know that this behavior is normal?  The only thing is, I cannot duplicate this on my own system.
> 
> Here is the bug report:
> https://bugzilla.redhat.com/show_bug.cgi?id=1655281
> 
> I am not sure what path I should take.
> Should I find a way to create the socket file in a way that does not trip selinux? If so, how?
> Should I file a bug report with SELinux to get it added to the global policy?
> 
> I suspect that this is a rather basic problem, and someone with experience troubleshooting SELinux (Steve!) will almost immediately know what to do. If not, that's okay. I'll figure this one out sooner or later. Thanks for reading.
> 
> Thanks,
> Andy
> 
> No Trees were killed in the sending of this message.
> However, a large number of electrons were terribly inconvenienced.

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.