I tried configuring Linux so Apache wouldn't have to look outside /var/www for any of its data. I arranged the HD with a separate partition for /var/www so Apache/SELinux would be happy with its own little sandbox. The installation failed. Apparently Anaconda couldn't hack /var/www being on its own file system. So, back to the usual disk arrangement.
I installed Fedora 10 and immediately ran the updates, all 770 MB of them, before doing anything else. With the storms in the west nobody seemed to miss omen.com being down over Christmas.
With the up-to-date system, Apache would fail at line 280 on its init script insisting that the document root had to be a directory. I checked the syntax, directory perms et al but no joy. I didn't see an SELinux denial popup. Apache just thought its document root directory wasn't a directory.
Disabling SELinux made it all better.
There is something special about SELinux that makes it such an issue for me and others in similar situations. To adequately test Fedora before deploying it would require a separate local network and a separate ISP connection. This is not a viable solution for many.
As a result, problems such as SELinux and Apache crop up when a system is being brought online when downtime to mess with the mess is not available in abundance. The necessary solution is to disable SELinux and hope the next iteration will be ready for prime time.
If BSD is secure without SElinux, why not Fedora?
Chuck, can you please RTFM and join us in the 21st century, and stop harping on about this? It's hardly appropriate for the test list.
On 12/27/08, Rob K robk@ningaui.net wrote:
> Chuck, can you please RTFM and join us in the 21st century, and stop
How about you lose the snooty attitude, and start reading a post with listening skills first. I'm sure you recall at least approximately where some text is in the manual which applies to his situation, so point it out.
> harping on about this? It's hardly appropriate for the test list.
Then, it's appropriate for what? There is no bug to file - as you noted he should have simply read the manual. As someone who has struggled with selinux recently, I can at least understand his frustration, even if I can't help with his problem.
jerry
On Sat, Dec 27, 2008 at 7:34 PM, Jerry Amundson jamundso@gmail.com wrote:
> On 12/27/08, Rob K robk@ningaui.net wrote:
>> Chuck, can you please RTFM and join us in the 21st century, and stop
> How about you lose the snooty attitude, and start reading a post with listening skills first. I'm sure you recall at least approximately where some text is in the manual which applies to his situation, so point it out.
>> harping on about this? It's hardly appropriate for the test list.
> Then, it's appropriate for what?
fedora-selinux-list if he wants actual help, though http+selinux is fairly well documented in the manpages and google at this point.
On 12/27/08, Arthur Pemberton pemboa@gmail.com wrote:
> On Sat, Dec 27, 2008 at 7:34 PM, Jerry Amundson jamundso@gmail.com wrote:
>> On 12/27/08, Rob K robk@ningaui.net wrote:
>>> Chuck, can you please RTFM and join us in the 21st century, and stop
>> How about you lose the snooty attitude, and start reading a post with listening skills first. I'm sure you recall at least approximately where some text is in the manual which applies to his situation, so point it out.
>>> harping on about this? It's hardly appropriate for the test list.
>> Then, it's appropriate for what?
> fedora-selinux-list if he wants actual help, though http+selinux is fairly well documented in the manpages and google at this point.
Thanks.
jerry
On Sat, Dec 27, 2008 at 5:22 PM, Chuck Forsberg WA7KGX N2469R caf@omen.com wrote:
> I tried configuring Linux so Apache wouldn't have to look outside /var/www for any of its data. I arranged the HD with a separate partition for /var/www so Apache/SELinux would be happy with its own little sandbox. The installation failed. Apparently Anaconda couldn't hack /var/www being on its own file system. So, back to the usual disk arrangement.
> I installed Fedora 10 and immediately ran the updates, all 770 MB of them, before doing anything else. With the storms in the west nobody seemed to miss omen.com being down over Christmas.
> With the up-to-date system, Apache would fail at line 280 on its init script insisting that the document root had to be a directory. I checked the syntax, directory perms et al but no joy. I didn't see an SELinux denial popup. Apache just thought its document root directory wasn't a directory. Disabling SELinux made it all better.
> There is something special about SELinux that makes it such an issue for me and others in similar situations. To adequately test Fedora before deploying it would require a separate local network and a separate ISP connection. This is not a viable solution for many.
> As a result, problems such as SELinux and Apache crop up when a system is being brought online when downtime to mess with the mess is not available in abundance. The necessary solution is to disable SELinux and hope the next iteration will be ready for prime time.
> If BSD is secure without SELinux, why not Fedora?
Consider how many people use SELinux especially when serving HTTP. Maybe in FC2/3 it was a bit troublesome. But at this stage of development, you really shouldn't have enough problems with SELinux and Apache to warrant an email.
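One way to check whether SELinux denials sit behind a symptom like the one in the original post, even when no denial popup appears, shown here as an added example that is not code from the thread: the functions filter audit records for denials issued to the `httpd_t` domain and print candidate relabel commands for review. The audit lines and the path `/srv/site` are constructed, and a mislabeled document root as the cause is an assumption, not something the thread confirms.

```shell
#!/bin/sh
# Constructed sample audit records (not from the thread); /srv/site is a placeholder.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1230423000.123:45): avc:  denied  { getattr } for  pid=2301 comm="httpd" path="/srv/site" dev=sda3 ino=1234 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1230423001.456:46): avc:  denied  { read } for  pid=2410 comm="sshd" name="motd" dev=sda1 ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
type=AVC msg=audit(1230423002.789:47): avc:  denied  { search } for  pid=2301 comm="httpd" name="site" dev=sda3 ino=1234 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
EOF
}

# Read audit text on stdin; for each denial whose source domain is httpd_t print:
#   <permissions> <tclass> <target type> <path or name>
httpd_denials() {
    awk '
    /avc:/ && /denied/ && /scontext=[^ ]*:httpd_t:/ {
        perm = obj = ttype = tclass = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # permissions are listed between "{" and "}"
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = perm (perm ? "," : "") $j
            } else if ($i ~ /^(path|name)=/) {
                obj = $i; sub(/^[a-z]+=/, "", obj); gsub(/"/, "", obj)
            } else if ($i ~ /^tcontext=/) {
                split($i, c, ":"); ttype = c[3]   # user:role:type:level
            } else if ($i ~ /^tclass=/) {
                tclass = $i; sub(/^tclass=/, "", tclass)
            }
        }
        print perm, tclass, ttype, obj
    }'
}

# For directories with an absolute path and a non-httpd label, print the
# relabel commands to review. Nothing is executed here.
relabel_hints() {
    httpd_denials | awk '$2 == "dir" && $3 !~ /^httpd_/ && $4 ~ /^\// && !seen[$4]++ {
        printf "semanage fcontext -a -t httpd_sys_content_t \"%s(/.*)?\"\n", $4
        printf "restorecon -Rv %s\n", $4
    }'
}

# On a live system the input would come from: ausearch -m avc -ts recent
sample_audit_log | relabel_hints
```

Switching to permissive mode with `setenforce 0` while reproducing the failure keeps denials logged without blocking Apache, which is a narrower test than disabling SELinux outright.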