CentOS 5.2 SELinux

on October 12th, 2008 by 小桥

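On CentOS 5.2 with SELinux enabled, configuring vsftpd to authenticate users through pam_mysql and installing Zend Optimizer v3.3.3 is still a bit of a hassle: the SELinux rules have to be modified before either will work.
First,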
#cd /usr/local/Zend
#find lib -type d -exec chcon -t lib_t {} \;
#find lib -name "*.so" -exec chcon -t textrel_shlib_t {} \;

Next, edit the file /etc/selinux/targeted/modules/local.te as follows:

module local 1.0;
require {
    type httpd_t;
    type ftpd_t;
    type mysqld_db_t;
    type mysqld_var_run_t;
    type mysqld_t;
    class process { execstack execmem execheap };
    class dir search;
    class sock_file write;
    class unix_stream_socket connectto;
    class capability { dac_read_search dac_override };
}
#============= httpd_t ==============
# Lets httpd make its stack, heap and anonymous mappings executable.
allow httpd_t self:process { execstack execmem execheap };
#============= ftpd_t ==============
# Lets vsftpd reach the local MySQL socket: search the database directory,
# write to the socket file and connect to mysqld.
allow ftpd_t mysqld_db_t:dir search;
allow ftpd_t mysqld_t:unix_stream_socket connectto;
allow ftpd_t mysqld_var_run_t:sock_file write;
# Lets vsftpd bypass discretionary (owner/mode) file permission checks.
allow ftpd_t self:capability { dac_read_search dac_override };

Then run the following commands:
checkmodule -M -m -o local.mod local.te
semodule_package -o local.pp -m local.mod
semodule -i ./local.pp

This command also has to be run before vsftpd will let local/virtual users log in normally:
setsebool -P ftp_home_dir 1

If anything still does not work, refer to audit2allow -a /var/log/audit/audit.log
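
Added example (not part of the original post): a Python script that groups AVC denials from an audit log by source type, target type and class, so each candidate rule for local.te can be read before it is compiled, and flags permissions such as execmem or dac_override for review. The log lines are constructed samples, and the function names and the REVIEW list are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not taken from the original post).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1223800000.101:41): avc:  denied  { search } for  pid=2301 comm="vsftpd" name="mysql" dev=dm-0 ino=65601 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
type=AVC msg=audit(1223800000.102:42): avc:  denied  { write } for  pid=2301 comm="vsftpd" name="mysql.sock" dev=dm-0 ino=65700 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:mysqld_var_run_t:s0 tclass=sock_file
type=AVC msg=audit(1223800000.103:43): avc:  denied  { connectto } for  pid=2301 comm="vsftpd" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1223800050.210:57): avc:  denied  { execmem } for  pid=2410 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process
type=AVC msg=audit(1223800050.211:58): avc:  denied  { execstack } for  pid=2410 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process
type=USER_AUTH msg=audit(1223800060.000:60): user pid=2301 uid=0 msg='PAM: authentication acct="web1" : exe="/usr/sbin/vsftpd"'
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")
# Permissions that weaken memory protection or bypass file permission checks.
REVIEW = {"execstack", "execmem", "execheap", "dac_override", "dac_read_search"}

def summarize(log_text):
    """Group AVC denials into {(source, target, class): set_of_permissions}."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if not m:
            continue
        # A context is user:role:type[:level]; keep only the type field.
        src, tgt = (m[k].split(":")[2] for k in ("s", "t"))
        tgt = "self" if tgt == src else tgt
        rules[(src, tgt, m["cls"])].update(m["perms"].split())
    return dict(rules)

def render(rules):
    """Return (allow_lines, review_lines) in .te syntax."""
    allow, review = [], []
    for (src, tgt, cls), perms in sorted(rules.items()):
        body = " ".join(sorted(perms))
        if len(perms) > 1:
            body = "{ " + body + " }"
        line = f"allow {src} {tgt}:{cls} {body};"
        allow.append(line)
        if perms & REVIEW:
            review.append(line)
    return allow, review

if __name__ == "__main__":
    allow, review = render(summarize(SAMPLE_AUDIT_LOG))
    print("\n".join(allow))
    print("# review before loading:", *review, sep="\n#   ")
```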


  1. pan says:

    SELinux is too complicated…
