LinuxQuestions.org


cbtshare 08-24-2013 07:11 PM

selinux issues
 
I am on CentOS 6. I have enabled SELinux and also installed setroubleshoot

yum install setroubleshoot, which installs all the necessary packages for sealert.

I am having some issues with sealert not giving me reports on things SELinux is blocking. For example, when I access webpages, I get a forbidden error, and if I put SELinux in permissive state the webpage works.

So the issue is that sealert is not reporting. How can I get it to work? I know it is a useful tool because I have used it before. Sample errors are:


Aug 24 13:22:02 k5fdf kernel: type=1400 audit(1377364922.707:390): avc: denied { search } for pid=3768 comm="httpd" name="k5fdf" dev=xvda2 ino=7077892 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
Aug 24 13:22:02 k5fdf kernel: type=1400 audit(1377364922.707:391): avc: denied { getattr } for pid=3768 comm="httpd" path="/home/k5fdf" dev=xvda2 ino=7077892 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir



Quote:

ps -aux | grep setroubleshootd
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.8/FAQ
root 10264 0.0 0.0 103244 840 pts/3 S+ 14:01 0:00 grep setroubleshootd
root 29076 0.0 7.1 420684 136892 ? Sl 09:32 0:04 /usr/bin/python -Es /usr/sbin/setroubleshootd -f

unSpawn 08-24-2013 08:44 PM

Code:

echo 'Aug 24 13:22:02 k5fdf kernel: type=1400 audit(1377364922.707:390): avc:  denied  { search } for  pid=3768 comm="httpd" name="k5fdf" dev=xvda2 ino=7077892 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
Aug 24 13:22:02 k5fdf kernel: type=1400 audit(1377364922.707:391): avc:  denied  { getattr } for  pid=3768 comm="httpd" path="/home/k5fdf" dev=xvda2 ino=7077892 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir'|audit2allow

gives
Code:

#============= httpd_t ==============
#!!!! This avc can be allowed using one of the these booleans:
#    httpd_read_user_content, httpd_enable_homedirs

allow httpd_t user_home_dir_t:dir { search getattr };

so what does
Code:

getsebool -a|egrep "http.*(content|homedir)"
say?
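
An added example, not part of the original posts and not the audit2allow implementation: a small Python parser that turns the AVC denial lines quoted in this thread into the same kind of per-type summary that audit2allow printed above. The function names are hypothetical, the sample lines are the ones from the first post, and the truncated line is constructed to show that incomplete records are skipped.

```python
import re
from collections import defaultdict

# Sample input: the two denials from the first post, plus one constructed
# truncated record (cut off inside tcontext) to exercise the skip path.
SAMPLE = '''
Aug 24 13:22:02 k5fdf kernel: type=1400 audit(1377364922.707:390): avc: denied { search } for pid=3768 comm="httpd" name="k5fdf" dev=xvda2 ino=7077892 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
Aug 24 13:22:02 k5fdf kernel: type=1400 audit(1377364922.707:391): avc: denied { getattr } for pid=3768 comm="httpd" path="/home/k5fdf" dev=xvda2 ino=7077892 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
Aug 24 13:22:02 k5fdf kernel: type=1400 audit(1377364922.707:390): avc: denied { search } for pid=3768 comm="httpd" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not a complete record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
    # A usable record needs both contexts and the object class.
    if not all(k in rec for k in ('scontext', 'tcontext', 'tclass')):
        return None
    # A context is user:role:type[:level]; the type is the third field.
    src, tgt = rec['scontext'].split(':'), rec['tcontext'].split(':')
    if len(src) < 3 or len(tgt) < 3:
        return None
    rec.update(perms=m.group('perms').split(), source_type=src[2], target_type=tgt[2])
    return rec


def summarize(text):
    """Group denials by (source type, target type, class) and merge their permissions."""
    rules = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            rules[(rec['source_type'], rec['target_type'], rec['tclass'])].update(rec['perms'])
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]


if __name__ == '__main__':
    print('\n'.join(summarize(SAMPLE)))
```

The summary only restates what was denied; it does not look up booleans the way audit2allow does, so the getsebool check above is still needed.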

cbtshare 08-25-2013 11:30 AM

That gives:

getsebool -a|egrep "http.*(content|homedir)"
httpd_enable_homedirs --> off
httpd_read_user_content --> off

Added steps:

I also removed
Quote:

yum remove setroubleshoot*
and reinstalled after I relabeled the system. Still get SELinux errors but nothing being reported in /var/log/audit/audit.log, but I get the errors in /var/log/messages

Quote:

ug 24 13:22:02 k5fdf kernel: type=1400 audit(1377364922.707:390): avc: denied { search } for pid=3768 comm="httpd" name="k5fdf" dev=xvda2 ino=7077892 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_
All in all

I know how to fix the issue, but I don't know how to get sealert working.
If I issue the command,
Quote:

chcon -R --reference=/var/www/html /home/folder2
the website works, but I get no notification in sealert.

unSpawn 08-25-2013 12:25 PM

If unsure it would be better to first ask because removing and re-installing software is not the "right" approach for Linux applications and often an exercise in futility. Enable httpd_enable_homedirs and httpd_read_user_content (see 'man setsebool') then try accessing resources again.

cbtshare 08-25-2013 05:16 PM

Thank you for your responses... but as I said in my last post, the issue is not just to get my website to work with SELinux enabled, but to get sealert working. I know how to get the website working by issuing the chcon --reference command. I just want to get sealert to report SELinux blocking the site because the labels are not correct or some warning, which is none now

