Posted to users@httpd.apache.org by georg <ge...@telia.com> on 2013/05/26 21:34:47 UTC

[users@httpd] SELinux great obstacle to getting further

Hi, I've been struggling to get my Apache - PHP - ODBC - MimerSQL going, now I'm almost there....

However some guy calling himself SELinux won't let me......

as follows:
--------------------------------------------------------------------------------------------------------------------------
SELinux is preventing httpd from write access on the sock_file 
/usr/local/MimerSQL/mimtst/.fifo.
***** Plugin catchall_labels (83.8 confidence) suggests ********************
If you want to allow httpd to have write access on the .fifo sock_file
Then you need to change the label on /usr/local/MimerSQL/mimtst/.fifo
Do
# semanage fcontext -a -t FILE_TYPE '/usr/local/MimerSQL/mimtst/.fifo'
where FILE_TYPE is one of the following: dirsrv_var_run_t, mysqld_var_run_t, 
httpd_var_run_t, lsassd_var_socket_t, systemd_passwd_var_run_t, 
setrans_var_run_t, memcached_var_run_t, system_dbusd_var_run_t, 
postgresql_var_run_t, zarafa_server_var_run_t, mysqld_db_t, devlog_t, 
avahi_var_run_t, nscd_var_run_t, nslcd_var_run_t, sssd_var_lib_t, 
postgresql_tmp_t, httpd_tmp_t, abrt_var_run_t, nscd_var_run_t, 
winbind_var_run_t, httpd_tmpfs_t, pcscd_var_run_t, httpd_cvs_rw_content_t, 
httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t, 
httpd_apcupsd_cgi_rw_content_t, httpd_nutups_cgi_rw_content_t, 
httpd_dspam_rw_content_t, httpd_prewikka_rw_content_t, 
httpd_mediawiki_rw_content_t, httpd_squid_rw_content_t, passenger_var_run_t, 
httpd_smokeping_cgi_rw_content_t, httpd_w3c_validator_rw_content_t, 
httpd_dirsrvadmin_rw_content_t, httpd_collectd_rw_content_t, nscd_var_run_t, 
pcscd_var_run_t, httpd_zoneminder_rw_content_t, httpd_user_rw_content_t, 
httpd_awstats_rw_content_t, httpd_cobbler_rw_content_t, 
httpd_munin_rw_content_t, httpd_mojomojo_rw_content_t, init_var_run_t, 
httpd_bugzilla_rw_content_t.
Then execute:
restorecon -v '/usr/local/MimerSQL/mimtst/.fifo'
***** Plugin catchall (17.1 confidence) suggests ***************************
If you believe that httpd should be allowed write access on the .fifo 
sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:usr_t:s0
Target Objects /usr/local/MimerSQL/mimtst/.fifo [ sock_file ]
Source httpd
Source Path httpd
Port <Unknown>
Host this.is
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.10.0-121.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
Host Name this.is
Platform Linux this.is 3.3.4-5.fc17.i686 #1 SMP Mon May 7
17:45:26 UTC 2012 i686 i686
Alert Count 10
First Seen Sun 19 May 2013 06:03:22 PM CEST
Last Seen Sun 26 May 2013 03:10:29 PM CEST
Local ID 0629a113-deb5-4413-8f5f-86c1a61080ec
Raw Audit Messages
type=AVC msg=audit(1369573829.588:110): avc: denied { write } for pid=2162 
comm="httpd" name=".fifo" dev="dm-1" ino=262454 
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 
tclass=sock_file

Hash: httpd,httpd_t,usr_t,sock_file,write

audit2allow
unable to open /sys/fs/selinux/policy: Permission denied

audit2allow -R
unable to open /sys/fs/selinux/policy: Permission denied

--------------------------------------------------------
I have tried
setenforce 0
--- and I think at one brief session (or even two) I have had it working, but it seems that that was caused by some side effect I'm not able to reproduce.....

pls help if you have a clue
br Georg 
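
Added example, not part of the original post or of any SELinux tool: a small Python parser for the raw AVC record quoted above. It rebuilds the same comma-separated key as the report's `Hash:` line and flags denials whose target has a generic type such as `usr_t`, the case the report's `catchall_labels` plugin answers with a relabel. The function names and the `GENERIC_TYPES` set are assumptions of this example.

```python
import re
from collections import Counter

# The AVC record from the report above, joined onto one line as in audit.log.
SAMPLE_AVC = (
    'type=AVC msg=audit(1369573829.588:110): avc: denied { write } for pid=2162 '
    'comm="httpd" name=".fifo" dev="dm-1" ino=262454 '
    'scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 '
    'tclass=sock_file'
)

# Assumption of this example: catch-all types a file usually inherits from its
# directory rather than being labelled on purpose.
GENERIC_TYPES = {"usr_t", "var_t", "etc_t", "default_t", "file_t", "unlabeled_t"}

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if 'type=AVC' not in line or not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    try:
        return {
            'comm': kv['comm'],
            'source_type': kv['scontext'].split(':')[2],  # user:role:type:level
            'target_type': kv['tcontext'].split(':')[2],
            'tclass': kv['tclass'],
            'perms': sorted(m.group(1).split()),
            'name': kv.get('name', ''),
        }
    except (KeyError, IndexError):
        return None  # truncated or malformed record

def denial_key(d):
    """comm,source_type,target_type,class,perms: same field order as the Hash line."""
    return ','.join([d['comm'], d['source_type'], d['target_type'],
                     d['tclass'], ' '.join(d['perms'])])

def triage(d):
    """'relabel' when the target carries a generic type, else 'review-policy'."""
    return 'relabel' if d['target_type'] in GENERIC_TYPES else 'review-policy'

def summarize(lines):
    """Count denials per key so repeated alerts collapse into one row."""
    parsed = [d for d in map(parse_avc, lines) if d]
    return Counter((denial_key(d), triage(d)) for d in parsed)
```

Feeding `summarize()` the lines of `/var/log/audit/audit.log` gives one row per distinct denial with its count, which is easier to review than piping every `httpd` line into `audit2allow`.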

