Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1178210
Summary: | php-fpm can't write into redis' socket | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Renich Bon Ciric <renich> | |
Component: | selinux-policy | Assignee: | Simon Sekidde <ssekidde> | |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> | |
Severity: | low | Docs Contact: | ||
Priority: | low | |||
Version: | 6.6 | CC: | angystardust, dwalsh, lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde | |
Target Milestone: | rc | |||
Target Release: | 6.7 | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | selinux-policy-3.7.19-273.el6 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1897517 (view as bug list) | Environment: | ||
Last Closed: | 2015-07-22 07:10:24 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1197105 |
Description
Renich Bon Ciric
2015-01-02 21:44:44 UTC
Looks like we would need to back port redis policy to make this work. For now you could add a custom policy module. (In reply to Daniel Walsh from comment #1) > Looks like we would need to back port redis policy to make this work. > > For now you could add a custom policy module. Ok, I will. commit cf60c35e07d2e430a4061ab30c6c40a49bfb5704 Author: Miroslav Grepl <mgrepl> Date: Tue Apr 14 11:05:24 2015 +0200 Allow redis to create /var/run/redis/redis.sock. commit a8cc60eeb13cf7f9a636261a26455afbaeacd75e Author: Miroslav Grepl <mgrepl> Date: Wed Jun 3 13:20:00 2015 +0200 Allow php-fpm write access to /var/run/redis/redis.sock Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1375.html It seems that the patch was lost somewhere around the git repository... On a rhel7 it was working fine because of the following policy rule: sesearch -A -s httpd_t -t redis_var_run_t -c sock_file -p write ; echo $? # Found 1 semantic av rules: allow domain pidfile : sock_file { write getattr append open } ; 0 but I don't have any output querying the selinux target policy on a rhel8 with the following command: # sesearch -A -s httpd_t -t redis_var_run_t -c sock_file -p write ; echo $? 0 Do I have to open a new bugzilla report? Hi Angelo, This is RHEL-6 bugzilla, could you please open ticket for RHEL-8 with your issue? Thanks, Lukas. |