Gentoo Archives: gentoo-hardened

From: Jeff Rooney <jtrooney@×××××××××.com>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] apache2 selinux
Date: Thu, 19 Mar 2009 22:02:11
Message-Id: e9109f2e0903191502r76767f34s6af61dee34c43762@mail.gmail.com
I just installed a fresh copy of Gentoo and figured I'd give SELinux a
shot and think that I have hammered out most of my issues, but have a quick
question. I have SELinux running in targeted/enforcing mode but for some
reason apache is staying in the wrong context:

# ps fauxZ | grep apache2
unconfined_u:unconfined_r:unconfined_t root 7167 0.0 0.0 3836 572
pts/0 S+ 16:59 0:00 \_ grep --colour=auto apache2
user_u:system_r:initrc_t root 7153 0.0 0.0 152376 5912
? Ss 16:55 0:00 /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D
LANGUAGE -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k start
user_u:system_r:initrc_t apache 7155 0.0 0.0 152376 3784
? S 16:55 0:00 \_ /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D
LANGUAGE -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k start
user_u:system_r:initrc_t apache 7156 0.0 0.0 152376 3784
? S 16:55 0:00 \_ /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D
LANGUAGE -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k start
user_u:system_r:initrc_t apache 7157 0.0 0.0 152376 3784
? S 16:55 0:00 \_ /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D
LANGUAGE -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k start
user_u:system_r:initrc_t apache 7158 0.0 0.0 152376 3784
? S 16:55 0:00 \_ /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D
LANGUAGE -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k start
user_u:system_r:initrc_t apache 7159 0.0 0.0 152376 3784
? S 16:55 0:00 \_ /usr/sbin/apache2 -D DEFAULT_VHOST -D INFO -D
LANGUAGE -D PHP5 -d /usr/lib64/apache2 -f /etc/apache2/httpd.conf -k start


The other services on the box start up in their proper context just fine,
for example:
# ps fauxZ | grep mysqld
system_u:system_r:mysqld_t mysql 4100 0.0 0.0 214892 30996
? Ssl 16:51 0:00 /usr/sbin/mysqld
--defaults-file=/etc/mysql/my.cnf --basedir=/usr --datadir=/var/lib/mysql
--pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock


I have the selinux-apache policy installed

# semodule -l | grep apache
apache 1.9.1

I'm sure it's something stupid that I'm missing, but any suggestions? Thanks


Jeff Rooney
jtrooney@×××××××××.com
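
Added example (not part of the original message or of any Gentoo tooling): a shell filter that reads `ps auxZ`-style output and lists processes still running in `initrc_t`, the init-script domain shown for apache2 above, which means no transition into a daemon domain such as `mysqld_t` took place. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# List processes whose SELinux type is still initrc_t, i.e. started by an
# init script without a transition into a daemon domain.
# Input: `ps auxZ`-style lines (LABEL USER PID ... COMMAND) on stdin.
stuck_in_initrc() {
    awk '
    NR == 1 && $1 == "LABEL" { next }          # skip the ps header
    {
        n = split($1, ctx, ":")                # user:role:type[:mls-range]
        if (n < 3 || ctx[3] != "initrc_t") next
        i = 12                                 # COMMAND starts at field 12
        while (i <= NF && ($i == "\\_" || $i == "|")) i++   # drop forest art
        if (i > NF) next
        print $3, ctx[3], $i                   # pid, type, executable
    }'
}

# Constructed sample input, modelled on the output quoted in the message
# (lines unwrapped, arguments shortened, an MLS range added to one label).
sample_ps() {
    cat <<'EOF'
LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
user_u:system_r:initrc_t root 7153 0.0 0.0 152376 5912 ? Ss 16:55 0:00 /usr/sbin/apache2 -D DEFAULT_VHOST -k start
user_u:system_r:initrc_t:s0 apache 7155 0.0 0.0 152376 3784 ? S 16:55 0:00 \_ /usr/sbin/apache2 -D DEFAULT_VHOST -k start
system_u:system_r:mysqld_t mysql 4100 0.0 0.0 214892 30996 ? Ssl 16:51 0:00 /usr/sbin/mysqld --defaults-file=/etc/mysql/my.cnf
unconfined_u:unconfined_r:unconfined_t root 7167 0.0 0.0 3836 572 pts/0 S+ 16:59 0:00 \_ grep --colour=auto apache2
EOF
}

# On a live system: ps auxZ | stuck_in_initrc
# For each executable reported, compare its on-disk label with the label the
# loaded policy expects:  ls -Z /usr/sbin/apache2 ; matchpathcon /usr/sbin/apache2
sample_ps | stuck_in_initrc
```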

Replies

Subject Author
Re: [gentoo-hardened] apache2 selinux Chris PeBenito <pebenito@g.o>