Tag Archive | "selinux"

Tags: , , , ,

Aaaaaaaaaaaargh SELinux!

Posted on 06 January 2009 by Demian Turner

When it comes to installing Trac it’s not something I usually worry about, I must have installed it from version 0.9 to the latest around 20 times and on at least most of the flavours of linux, OS X and recently Windows.  It used to be tough to setup but the package has been great improved over the years.

And what great software, by the way, I can’t say enough good things about Trac, I’ve been running all my projects on it for around the last 4 years.

But I recently got a new dedicated box, running Fedora Core 9 32 bit, and I’ve already installed Trac twice on this OS, it’s one of the smoothest platform/software combos.  However something went wrong, with the app complaining about requiring root permissions to write to the DB file.  Considering I setup Trac to run with the mod_python module in Apache, this seemed a little strange.  Stranger still was that Google returned absolutely ZERO results for the error message I was getting:

The user root requires read _and_ write permission to the database file 

The log file set to DEBUG also failed to shed any light.  I tried giving root every possible permission to the DB file and its parent folder but the above error persisted.

After banging my head against the wall it struck me that maybe my new web hoster enabled SELinux by default, something I always take special precautions to disable  right off the bat, having struggled with it in the past.

A prompt reply from RapidSwitch revealed that it was in fact enabled, and it was a quick job to disable it.

You can check the status of SELinux in the configuration file as follows:


You can then disable or enable it by editing this file.  The contents of the file looks like this on Fedora:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - No SELinux policy is loaded.
# SELINUXTYPE= can take one of these two values:
#       targeted - Targeted processes are protected,
#       mls - Multi Level Security protection.

Needless to say, problem solved!

I hope there will be at least 1 Google result now 😉

NB: I’ve recently used a pretty handy recipe HOWTO install Trac on Fedora Core 9, it needs some adaptation which I hope to post soon.

Comments (6)



Demian Turner's currently-reading book recommendations, reviews, favorite quotes, book clubs, book trivia, book lists