Hi, happy SELinux.
I have a AWS fedora server SELinux enabled.
I could system-upgrade from 22 to 23 allright except one boolean option had been reset to (off,off).
Why did not boolean value survive after system-upgrade reboot?
Here's what I did. ------------------------------------------------------------------------------ # dnf update --refresh # dnf install dnf-plugin-system-upgrade # dnf system-upgrade download --releasever=23 # dnf system-upgrade reboot
I checked by web page and I got,
ERROR: SQLSTATE[08006] [7] could not connect to server: Permission denied Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5432? could not connect to server: Permission denied Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432?
I knew I set some boolean --off to --on, so I grepped the boolean list.
# semanage boolean --list | grep httpd
I found this despite my difinition.
httpd_can_network_connect_db (off , off) Allow httpd to can network connect db
So, I set the value again.
# semanage boolean --modify httpd_can_network_connect_db --on ------------------------------------------------------------------------------------ No problem otherwise, thanks.
Port 5432 is for the postgres database server. Did you dis/enable postgres sometime?
Bob G
On 11/15/2015 03:20 PM, Shintaro Fujiwara wrote:
Hi, happy SELinux.
I have a AWS fedora server SELinux enabled.
I could system-upgrade from 22 to 23 allright except one boolean option had been reset to (off,off).
Why did not boolean value survive after system-upgrade reboot?
Here's what I did.
# dnf update --refresh # dnf install dnf-plugin-system-upgrade # dnf system-upgrade download --releasever=23 # dnf system-upgrade reboot
I checked by web page and I got,
ERROR: SQLSTATE[08006] [7] could not connect to server: Permission denied Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5432? could not connect to server: Permission denied Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432?
I knew I set some boolean --off to --on, so I grepped the boolean list.
# semanage boolean --list | grep httpd
I found this despite my difinition.
httpd_can_network_connect_db (off , off) Allow httpd to can network connect db
So, I set the value again.
# semanage boolean --modify httpd_can_network_connect_db --on
No problem otherwise, thanks.
-- Linux Distribution Project http://sourceforge.net/projects/pinkrabbitlinux/
日本にヘヴィメタル・ハードロックを根付かせるページ http://heavymetalhardrock.no-ip.info/
世界中でセキュアOSのSELinuxを使いやすくするフリーソフト http://sourceforge.net/projects/segatex/
CMS(PHPとPostgreSQLを使ったフリーソフト) http://sourceforge.net/projects/webon/ https://github.com/intrajp/irforum_jp
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On 11/15/2015 10:20 PM, Shintaro Fujiwara wrote:
Hi, happy SELinux.
I have a AWS fedora server SELinux enabled.
I could system-upgrade from 22 to 23 allright except one boolean option had been reset to (off,off).
Why did not boolean value survive after system-upgrade reboot?
It's a bug, see https://bugzilla.redhat.com/show_bug.cgi?id=1279621#c1
There's a workaround and a fix should be already on it's way to updates.
Petr
Hi, Bob.
Port 5432 is for the postgres database server. Did you dis/enable
postgres sometime?
Yes, I'm using PostgreSQL actually. I upgraded fedora, so there was dis/enable postgres. Thanks for noticing me that.
Hi, Petr.
It's a bug, see https://bugzilla.redhat.com/show_bug.cgi?id=1279621#c1 There's a workaround and a fix should be already on it's way to updates.
Thanks for letting me know that it's a bug and fixing is on process. I set the boolean on, so httpd can access postgres now. I will wait and see the bug fixed. Thanks!
2015-11-16 18:00 GMT+09:00 Petr Lautrbach plautrba@redhat.com:
On 11/15/2015 10:20 PM, Shintaro Fujiwara wrote:
Hi, happy SELinux.
I have a AWS fedora server SELinux enabled.
I could system-upgrade from 22 to 23 allright except one boolean option
had
been reset to (off,off).
Why did not boolean value survive after system-upgrade reboot?
It's a bug, see https://bugzilla.redhat.com/show_bug.cgi?id=1279621#c1
There's a workaround and a fix should be already on it's way to updates.
Petr
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
selinux@lists.fedoraproject.org
-
Bob Gustafson -
Petr Lautrbach -
Shintaro Fujiwara