[JBoss JIRA] Deleted: (MODCLUSTER-237) CLONE - SE Linux in RHEL 6 does not support mod_cluster in the context of HTTPD
by Rebecca Newton (JIRA)
[ https://issues.jboss.org/browse/MODCLUSTER-237?page=com.atlassian.jira.pl... ]
Rebecca Newton deleted MODCLUSTER-237:
--------------------------------------
> CLONE - SE Linux in RHEL 6 does not support mod_cluster in the context of HTTPD
> -------------------------------------------------------------------------------
>
> Key: MODCLUSTER-237
> URL: https://issues.jboss.org/browse/MODCLUSTER-237
> Project: mod_cluster
> Issue Type: Feature Request
> Environment: Apache 2.2.15 in RHEL 6 with mod_cluster in EAP
> Reporter: Rebecca Newton
> Assignee: Jim Tyrrell
>
> When trying to run mod_cluster module inside of Apache I need to create a custom SE Linux policy. This should not need to be done as RHEL should ship the correctly enabled SE Linux policy, although in talking with my resident RHEL expert, the error messaging is that mod_cluster is using write instead of append as the existing policy does. I will cross post this in BZ for the SE Linux team, as I am not sure where changes need to be made, I will update this ticket with that ticket number.
> The create SE Linux TE file looks like this:
> module jbosshttpd 1.0;
> require {
> type httpd_log_t;
> type httpd_t;
> type port_t;
> type soundd_port_t;
> class tcp_socket name_bind;
> class file write;
> class dir remove_name;
> class udp_socket name_bind;
> }
> #============= httpd_t ==============
> allow httpd_t httpd_log_t:dir remove_name;
> allow httpd_t httpd_log_t:file write;
> #!!!! This avc can be allowed using the boolean 'allow_ypbind'
> allow httpd_t port_t:udp_socket name_bind;
> allow httpd_t soundd_port_t:tcp_socket name_bind;
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 7 months
[JBoss JIRA] Closed: (MODCLUSTER-237) CLONE - SE Linux in RHEL 6 does not support mod_cluster in the context of HTTPD
by Rebecca Newton (JIRA)
[ https://issues.jboss.org/browse/MODCLUSTER-237?page=com.atlassian.jira.pl... ]
Rebecca Newton closed MODCLUSTER-237.
-------------------------------------
Sorry, Jim, had cloning fail.
> CLONE - SE Linux in RHEL 6 does not support mod_cluster in the context of HTTPD
> -------------------------------------------------------------------------------
>
> Key: MODCLUSTER-237
> URL: https://issues.jboss.org/browse/MODCLUSTER-237
> Project: mod_cluster
> Issue Type: Feature Request
> Environment: Apache 2.2.15 in RHEL 6 with mod_cluster in EAP
> Reporter: Rebecca Newton
> Assignee: Jim Tyrrell
>
> When trying to run mod_cluster module inside of Apache I need to create a custom SE Linux policy. This should not need to be done as RHEL should ship the correctly enabled SE Linux policy, although in talking with my resident RHEL expert, the error messaging is that mod_cluster is using write instead of append as the existing policy does. I will cross post this in BZ for the SE Linux team, as I am not sure where changes need to be made, I will update this ticket with that ticket number.
> The create SE Linux TE file looks like this:
> module jbosshttpd 1.0;
> require {
> type httpd_log_t;
> type httpd_t;
> type port_t;
> type soundd_port_t;
> class tcp_socket name_bind;
> class file write;
> class dir remove_name;
> class udp_socket name_bind;
> }
> #============= httpd_t ==============
> allow httpd_t httpd_log_t:dir remove_name;
> allow httpd_t httpd_log_t:file write;
> #!!!! This avc can be allowed using the boolean 'allow_ypbind'
> allow httpd_t port_t:udp_socket name_bind;
> allow httpd_t soundd_port_t:tcp_socket name_bind;
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 7 months
[JBoss JIRA] Created: (MODCLUSTER-237) CLONE - SE Linux in RHEL 6 does not support mod_cluster in the context of HTTPD
by Rebecca Newton (JIRA)
CLONE - SE Linux in RHEL 6 does not support mod_cluster in the context of HTTPD
-------------------------------------------------------------------------------
Key: MODCLUSTER-237
URL: https://issues.jboss.org/browse/MODCLUSTER-237
Project: mod_cluster
Issue Type: Feature Request
Affects Versions: 1.0.4.GA
Environment: Apache 2.2.15 in RHEL 6 with mod_cluster in EAP
Reporter: Rebecca Newton
Assignee: Jim Tyrrell
When trying to run mod_cluster module inside of Apache I need to create a custom SE Linux policy. This should not need to be done as RHEL should ship the correctly enabled SE Linux policy, although in talking with my resident RHEL expert, the error messaging is that mod_cluster is using write instead of append as the existing policy does. I will cross post this in BZ for the SE Linux team, as I am not sure where changes need to be made, I will update this ticket with that ticket number.
The create SE Linux TE file looks like this:
module jbosshttpd 1.0;
require {
type httpd_log_t;
type httpd_t;
type port_t;
type soundd_port_t;
class tcp_socket name_bind;
class file write;
class dir remove_name;
class udp_socket name_bind;
}
#============= httpd_t ==============
allow httpd_t httpd_log_t:dir remove_name;
allow httpd_t httpd_log_t:file write;
#!!!! This avc can be allowed using the boolean 'allow_ypbind'
allow httpd_t port_t:udp_socket name_bind;
allow httpd_t soundd_port_t:tcp_socket name_bind;
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
13 years, 7 months