I've received this email from an anonymous user about installing W3Perl on a SELinux distribution.
I just built our new proxy server: it is running under CentOS 5.4 with SELinux enabled (according to RedHat default). I had many
issues with W3Perl 3.07, which is not ready for SELinux; here are the several fixes I applied in order to have W3Perl running with
SELinux enabled.
WARNING: I am pretty new to SELinux, I am not a master at all. I just had to prepare a software port on RedHat, so I had to dig
into this topic deeply enough, so that our customers can run our software. But this does not mean that I am now a highly skilled
SELinux master - it is not the case.
- Check audit logs
Use the following command to check what may be wrong:
ausearch -c httpd -m avc
- GeoIP plugin
I had to change the security context of
/var/lib/GeoIP and
/var/lib/GeoIP/GeoIP.dat
thus I ran:
chcon -t httpd_sys_content_t /var/lib/GeoIP
chcon -t httpd_sys_content_t /var/lib/GeoIP/GeoIP.dat
- Network access
system-config-selinux
selected the "Boolean" menu, and unfolded the "HTTPD Service" entry: here, I checked the box labeled:
"Allow HTTPD scripts and modules to connect to the network"
- Admin password protection
As I tried to set a password in order to protect /w3perl/admin/, SELinux complained again that it could not access my
password file:
/var/www/html/w3perl/admin/passwords
It alleged that I could use the following command in order to fix the issue:
setsebool -P httpd_unified=1
but for me it did not work. Instead, I changed my file security context again:
chcon -t httpd_sys_content_t /var/www/html/w3perl/admin/passwords
- Log files and directory
W3Perl had a hard time accessing the log files and the log directory; I solved it by changing the security context
to httpd_sys_content_t for each log file AND the directory /var/log/httpd
At this point, W3Perl ran successfully.
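
Labels set with chcon are not recorded in the policy's file-context database, so restorecon or a full filesystem relabel resets them. The script below is an added example, not part of the email or of W3Perl: it registers the same type for the GeoIP and password paths with semanage fcontext and reapplies it with restorecon. The function names and the DRY_RUN switch are made up for this illustration, and the rule covers the whole GeoIP directory tree rather than only the two paths labeled above.

```shell
#!/bin/sh
# Added example: make the chcon labels from the email persistent.
# Assumption: semanage and restorecon (policycoreutils) are installed.

TYPE=httpd_sys_content_t    # the type used in the email

# File-context specs are regular expressions, so escape metacharacters
# such as the dot in "GeoIP.dat".
fc_escape() {
    printf '%s' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g'
}

# Build the spec for one path. A trailing "/" marks a directory tree,
# which gets the usual "(/.*)?" suffix (directory plus everything below).
fc_spec() {
    case "$1" in
        */) printf '%s(/.*)?' "$(fc_escape "${1%/}")" ;;
        *)  fc_escape "$1" ;;
    esac
}

# persist_label TYPE PATH
# With DRY_RUN=1 (the default) only print the commands; with DRY_RUN=0
# run them as root.
persist_label() {
    spec=$(fc_spec "$2")
    target=${2%/}
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf "semanage fcontext -a -t %s '%s'\n" "$1" "$spec"
        printf 'restorecon -R -v %s\n' "$target"
    else
        # Record the rule in the local policy, then relabel from it.
        semanage fcontext -a -t "$1" "$spec" && restorecon -R -v "$target"
    fi
}

# Paths taken from the email.
persist_label "$TYPE" /var/lib/GeoIP/
persist_label "$TYPE" /var/www/html/w3perl/admin/passwords
```

Run it once as is to review the generated commands, then with DRY_RUN=0 to apply them; `ls -Z` on each path shows the resulting context.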