--- Pada Rab, 19/5/10, Adi Pane <if07...@students.del.ac.id> menulis:
> Dari: Adi Pane <if07...@students.del.ac.id> > Judul: Re: [tanya-jawab] squish on fedora 11 > Kepada: tanya-jawab@linux.or.id > Tanggal: Rabu, 19 Mei, 2010, 3:06 PM > sudah mas, hasil nya ini: > > Summary: > > SELinux is preventing the squid (squid_t) from executing > wrapzap. > > Detailed Description: > > SELinux has denied the squid from executing wrapzap. If > squid is supposed to be > able to execute wrapzap, this could be a labeling problem. > Most confined domains > are allowed to execute files labeled bin_t. So you could > change the labeling on > this file to bin_t and retry the application. If this squid > is not supposed to > execute wrapzap, this could signal a intrusion attempt. > > Allowing Access: > > If you want to allow squid to execute wrapzap: chcon -t > bin_t 'wrapzap' If this > fix works, please update the file context on disk, with the > following command: > semanage fcontext -a -t bin_t 'wrapzap' Please specify the > full path to the > executable, Please file a bug report > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this selinux-policy > to make sure this becomes the default labeling. > > Additional Information: > > Source Context unconfined_u:system_r:squid_t:s0 > Target Context unconfined_u:object_r:usr_t:s0 > Target Objects wrapzap [ file ] > Source squid > Source Path /usr/sbin/squid > Port <Unknown> > Host localhost > Source RPM Packages squid-3.0.STABLE13-1.fc11 > Target RPM Packages > Policy RPM selinux-policy-3.6.12-39.fc11 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name execute > Host Name localhost > Platform Linux localhost 2.6.29.4-167.fc11.i686.PAE #1 SMP > > Wed May 27 17:28:22 EDT 2009 i686 i686 > Alert Count 155 > First Seen Wed May 19 08:37:50 2010 > Last Seen Wed May 19 09:13:07 2010 > Local ID 5584bdec-a033-4766-993d-3d562a04a4e4 > Line Numbers > > Raw Audit Messages > > node=localhost type=AVC msg=audit(1274235187.82:25439): > avc: denied { execute } for pid=8528 comm="squid" > name="wrapzap" dev=sda6 ino=94245 > scontext=unconfined_u:system_r:squid_t:s0 > tcontext=unconfined_u:object_r:usr_t:s0 tclass=file > > node=localhost type=SYSCALL msg=audit(1274235187.82:25439): > arch=40000003 syscall=11 success=no exit=-13 a0=2c666e0 > a1=bffbe0e8 a2=2d36b88 a3=4000 items=0 ppid=8523 pid=8528 > auid=0 uid=23 gid=23 euid=23 suid=23 fsuid=23 egid=23 > sgid=23 fsgid=23 tty=(none) ses=1 comm="squid" > exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 > key=(null) > > end > > > kalo selinux nya di disabled apa pengaruh nya mas? > cara men disabled selinux gmana mas?? > > kalo di fedora sih cari file /etc/selinux/config cari bagian selinux = enforce menjadi selinux = disabled -- FAQ milis di http://wiki.linux.or.id/FAQ_milis_tanya-jawab Unsubscribe: kirim email ke tanya-jawab-unsubscr...@linux.or.id Arsip dan info milis selengkapnya di http://linux.or.id/milis
