LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-25-2010, 04:57 PM   #16
rmknox
Member
 
Registered: May 2010
Posts: 354

Original Poster
Rep: Reputation: 34

I rebooted and tried the setsebool command again

setsebool -P httpd_can_network_connect 1

- after a wait of 1-2 minutes it returned

I issued
apachectl start
the selinux system did not record a message
BUT
when I ask apache to render index.shtml it still does not do the SSI
 
Old 07-25-2010, 05:09 PM   #17
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,900

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
You can disable SELinux temporarily using "setenforce 0" to see if that's your problem.
I'm not a SELinux expert, but AFAIK you can run
Code:
ls -lZ /var/www/html
to see the SELinux context of your files
 
1 members found this post helpful.
Old 07-25-2010, 06:49 PM   #18
rmknox
Member
 
Registered: May 2010
Posts: 354

Original Poster
Rep: Reputation: 34
I tried ls -lZ etc - all looked same

I was wrong - starting mysql is what triggers the error message

I did the setsebool etc

started apached - no prob

started mysql -
/etc/init.d/mysqld start
got same error message as before

and still no SSI
 
Old 07-25-2010, 11:34 PM   #19
rmknox
Member
 
Registered: May 2010
Posts: 354

Original Poster
Rep: Reputation: 34
Thnink I have 3 probs
1 - apache and mysql conflict over 3306
2- apache no ssi
3- persistent setsebool not persistent

plan to close thread - reasearch - open new thread in a few days as needed

thanks so much for your help

dick
 
Old 07-26-2010, 01:18 AM   #20
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,900

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
Sorry to hear that, but you shouldn't mark the thread solved.
Re: probs:
1. Apache does not conflict with mysql. Apache, or better a web page can connect to a mysql server to retrieve data

2. Comment out the "LoadModule ..." directive to see if apache complains about the XBitHack directive. Because the way it works now is like it doesn't use mod_include.
Also since you use this directive, create a .html page containing a SSI command (printenv is fine), make it executable:
Code:
chmod +x /var/www/html/ssi.html
and see if XBitHack works. Do this before disabling mod_include.

3. My experience with SELinux is very limited, so I cannot be of help here.

Regards

Last edited by bathory; 07-26-2010 at 01:51 AM. Reason: add info
 
1 members found this post helpful.
Old 07-26-2010, 11:21 AM   #21
rmknox
Member
 
Registered: May 2010
Posts: 354

Original Poster
Rep: Reputation: 34
Will do as you suggest, and report back results.
May not be able to do it immediately
Again - thanks so very much.
dick
 
Old 07-26-2010, 02:23 PM   #22
rmknox
Member
 
Registered: May 2010
Posts: 354

Original Poster
Rep: Reputation: 34
I created ssi.html with <!--#printenv --> as its body, marked it executable - did not work

commented out loadmodule for mod_include
apachectl start
Code:
Syntax error on line ... 
Invalid command 'XBitHack', perhaps misspelled ...
Removed the # .. error went away
 
Old 07-26-2010, 03:04 PM   #23
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,900

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
So it actually uses LoadModule...!!!
Add
Code:
AddHandler server-parsed .shtml
(this is from apache-1.3.x) and see if it helps.
 
1 members found this post helpful.
Old 07-26-2010, 03:08 PM   #24
rmknox
Member
 
Registered: May 2010
Posts: 354

Original Poster
Rep: Reputation: 34
Will do as per above
--
In last message, I failed to mention following:
The setsebool --- statement did in fact eliinate the selinux port 3306 message
Now - when I start mysql - (regardless of whether I have previously started apache)
I get the following
have not yet had the time to pursue it - as I'm committed to doing something
else for the next few hours.
Code:
Summary:

SELinux is preventing /bin/bash "search" access on /home/knox.

Detailed Description:

SELinux denied access requested by mysqld_safe. It is not expected that this
access is required by mysqld_safe and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                unconfined_u:system_r:mysqld_safe_t:s0
Target Context                unconfined_u:object_r:user_home_dir_t:s0
Target Objects                /home/knox [ dir ]
Source                        mysqld_safe
Source Path                   /bin/bash
Port                          <Unknown>
Host                          knox.knox-data
Source RPM Packages           bash-4.0.33-1.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-41.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     knox.knox-data
Platform                      Linux knox.knox-data 2.6.31.5-127.fc12.i686 #1 SMP
                              Sat Nov 7 21:41:45 EST 2009 i686 athlon
Alert Count                   883
First Seen                    Fri 09 Jul 2010 07:32:47 AM PDT
Last Seen                     Mon 26 Jul 2010 01:23:16 AM PDT
Local ID                      42f86c42-746d-4b6e-9ece-ca7756572ca9
Line Numbers                  

Raw Audit Messages            

node=knox.knox-data type=AVC msg=audit(1280132596.210:49): avc:  denied  { search } for  pid=1962 comm="mysqld_safe" name="knox" dev=dm-0 ino=81993 scontext=unconfined_u:system_r:mysqld_safe_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir

node=knox.knox-data type=SYSCALL msg=audit(1280132596.210:49): arch=40000003 syscall=195 success=no exit=-13 a0=80e5d3b a1=bf8ebeac a2=3f8ff4 a3=88453e0 items=0 ppid=1960 pid=1962 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="mysqld_safe" exe="/bin/bash" subj=unconfined_u:system_r:mysqld_safe_t:s0 key=(null)
 
Old 07-26-2010, 03:14 PM   #25
rmknox
Member
 
Registered: May 2010
Posts: 354

Original Poster
Rep: Reputation: 34
Yes - I had noticed it in the 1.3 documentation but observed that it disappeared in the 2.2 version.

Added it

No change :-(
 
Old 07-26-2010, 03:20 PM   #26
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,900

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
Quote:
Yes - I had noticed it in the 1.3 documentation but observed that it disappeared in the 2.2 version.

Added it

No change :-(
Crap! It works here (apache-2.2.15)
Anyway as a last resort, I've found this regarding SELinux and SSI:
Code:
setsebool -P httpd_ssi_exec 1
Other than that, disable SELinux (at least temporarily), restart apache and test, just to rule out it's not SELinux the culprit.

Last edited by bathory; 07-26-2010 at 03:26 PM. Reason: typo
 
1 members found this post helpful.
Old 07-26-2010, 03:42 PM   #27
rmknox
Member
 
Registered: May 2010
Posts: 354

Original Poster
Rep: Reputation: 34
I entered
setenforce 0
started apache

still does not do ssi - neither bithack or shtml

so you know .. this is not a matter of life or death to me because when my material gets out on godaddy it works just fine

however - it would be handy for it to work here and i appreciate your support in trying to make it happen - that notwithstanding if you decide this is more pain than it's worth I won't feel cheated

dick
 
Old 07-26-2010, 04:08 PM   #28
rmknox
Member
 
Registered: May 2010
Posts: 354

Original Poster
Rep: Reputation: 34
I'm curious to know date and size of your mod_include.so
mine is dated 2010-04-10 08:22 and size is 42648

if yours is later and different size - maybe someone fixed this problem? or earlier and diferent size - maybe someone broke my version

i upgraded for security and got a version of fedora that would not run on my hardware - someone changed the display driver and made it incompatible with my board - so I changed back

the point is that the system is in flux

anyway - curious to know about your mod_include.so
 
Old 07-26-2010, 05:30 PM   #29
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,900

Rep: Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611Reputation: 1611
I'm running Slackware64 with apache compiled from source. If you think it's relevant the size of mod_include.so is 63501 bytes. The date is the date apache was installed, so it's not important.

I don't know what else to think. Maybe you can uninstall 2.2.15 and install an older version and see if that works.
 
1 members found this post helpful.
Old 07-26-2010, 06:39 PM   #30
rmknox
Member
 
Registered: May 2010
Posts: 354

Original Poster
Rep: Reputation: 34
I have a very limited need for SSI

I'm using php to do mysql - and php supports includes.

So the only place I need SSI is html pages that do not involve php - in my case those are rare - and in about 1 min I can ftp to godaddy and check them.

So lets hang it up

and again thanks so much

dick
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Configuring Apache2 to use Server Side Includes HellesAngel Linux - Server 1 09-14-2007 03:01 AM
Apache; server side include unifiedquarks Linux - Server 3 05-07-2007 06:44 AM
How do I get my Server Side Includes to work? pmedes Linux - Software 4 11-08-2004 03:25 AM
How to run a server-side Javascript in Apache Linh Programming 2 07-15-2004 10:36 AM
Server Side Includes warlock33 Linux - Software 2 02-13-2003 01:58 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration