[Mailman-Users] Archives, the "Forbidden Zone"

Nathan Fiedler nfiedler at bluemarsh.com
Sun Nov 21 17:25:39 CET 2004


On Sun, 2004-11-21 at 08:07 -0800, Kenneth Porter wrote:
> Anything interesting in /var/log/httpd or /var/log/messages?

The Apache error_log just has the usual "permission denied" message.
Now /var/log/messages is a different story, and I never thought to look
at that one:

Nov 21 08:18:12 chip kernel: audit(1101053892.157:0): avc:  denied
{ read } for  pid=25155 exe=/usr/sbin/httpd name=jswat-announce dev=hda6
ino=75928 scontext=root:system_r:httpd_t
tcontext=root:object_r:mailman_data_t tclass=lnk_file

Nov 21 08:18:12 chip kernel: audit(1101053892.157:0): avc:  denied
{ getattr } for  pid=25155 exe=/usr/sbin/httpd
path=/var/lib/mailman/archives/public/jswat-announce dev=hda6 ino=75928
scontext=root:system_r:httpd_t tcontext=root:object_r:mailman_data_t
tclass=lnk_file

> Are there symlinks here to the directories in private? Here's what I see in 
> my installation on FC2 (where the system is installed to /var/mailman):

Yep, I forgot to mention that I ran withlist fix_url at one point:

lrwxrwxrwx  1 root mailman 48 Nov 20 15:44 jswat-announce -
> /var/lib/mailman/archives/private/jswat-announce

So does anyone understand the audit error messages? I suppose that has
something to do with SELinux being enabled on this system, but I know
next to nothing about it.

Thanks

n





More information about the Mailman-Users mailing list