Bug 615702

Summary: mod_userdir seems to not be useable because of selinux problems
Product: [Fedora] Fedora
Reporter: Doug P <redhat-bugzilla>
Component: lighttpd
Assignee: Matthias Saou <matthias>
Status: CLOSED WORKSFORME
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 13
CC: matthias, redhat-bugzilla
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-07-29 15:42:59 UTC

Description Doug P 2010-07-18 05:30:04 UTC
Description of problem:

It seems that lighttpd's mod_userdir doesn't work with selinux.

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1. yum install lighttpd
2. Create a file "/etc/lighttpd/conf.d/aaa-local.conf" with:
server.modules += ("mod_userdir")
userdir.path = "public_html"

3. lighttpd start
4. create public_html, alter permissions and run restorecon. The setup I have is...

ls -lhdZ / /home /home/doug /home/doug/public_html/

dr-xr-xr-x. root root system_u:object_r:root_t:s0      /
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
drwxr-xr-x. doug doug unconfined_u:object_r:user_home_dir_t:s0 /home/doug
drwxrwxr-x. doug doug unconfined_u:object_r:httpd_user_content_t:s0 /home/doug/public_html/

5. service lighttpd start
6. Try and access http://server/~doug with a web browser.

Actual results:


An error is logged to /var/log/audit/audit.log:

type=SYSCALL msg=audit(1279379090.094:288): arch=40000003 syscall=195 success=no exit=-13 a0=941d6d0 a1=bf8b3040 a2=a3fff4 a3=93e7a20 items=0 ppid=1 pid=5269 auid=500 uid=496 gid=490 euid=496 suid=496 fsuid=496 egid=490 sgid=490 fsgid=490 tty=(none) ses=7 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)

Expected results:

The files in the user's public html directory.

Additional info:

It works as expected if selinux is disabled and the computer is rebooted. So, I think I've found the problem, but I have no idea about how to go about fixing it.

Comment 1 Matthias Saou 2010-07-29 15:23:00 UTC
First question before I start looking into this: Have you executed the following?

setsebool -P httpd_enable_homedirs=on

Comment 2 Matthias Saou 2010-07-29 15:42:59 UTC
I've tested on RHEL5 and it fails, but after changing the above, it works. Note that I also needed to add the following, so maybe lighttpd is being denied lookups for the home directory:
userdir.basepath = "/home/"
This would be another problem, maybe worth debugging, but you don't seem to be having it.
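
Added example, not part of the bug report or its comments: a small decoder for the SYSCALL audit record quoted in the description, which pairs it with any AVC record sharing the same event id (timestamp:serial), since the AVC record is what names the denied permission and target type. The AVC line below is constructed for illustration (the report does not include one), and the function names are this example's own.

```python
import errno
import re

# Fields copied from the SYSCALL record in the report (unused fields trimmed).
SYSCALL_LINE = ('type=SYSCALL msg=audit(1279379090.094:288): arch=40000003 '
                'syscall=195 success=no exit=-13 pid=5269 uid=496 '
                'comm="lighttpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)')
# Constructed sample, NOT from the report: a possible matching AVC record.
AVC_LINE = ('type=AVC msg=audit(1279379090.094:288): avc:  denied  { search } '
            'for  pid=5269 comm="lighttpd" name="doug" '
            'scontext=unconfined_u:system_r:httpd_t:s0 '
            'tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir')

ARCHES = {"40000003": "i386"}          # AUDIT_ARCH_I386
SYSCALLS = {("i386", 195): "stat64"}   # only the pair seen in this report

def parse_record(line):
    """Split one audit.log line into type, event id and key=value fields."""
    m = re.match(r'type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)', line)
    if not m:
        raise ValueError("not an audit record: %r" % line)
    rtype, ts, serial, rest = m.groups()
    fields = {k: v.strip('"')
              for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', rest)}
    perms = re.search(r'denied\s+\{([^}]*)\}', rest)
    if perms:                          # AVC records list permissions in braces
        fields["perms"] = perms.group(1).split()
    return {"type": rtype, "event": (ts, serial), "fields": fields}

def explain(lines):
    """Group records by event id and summarise each failed syscall."""
    events = {}
    for line in lines:
        rec = parse_record(line)
        events.setdefault(rec["event"], {})[rec["type"]] = rec["fields"]
    out = []
    for event, recs in events.items():
        sc = recs.get("SYSCALL")
        if not sc or sc.get("success") != "no":
            continue
        arch = ARCHES.get(sc["arch"], sc["arch"])
        avc = recs.get("AVC", {})
        out.append({
            "serial": event[1],
            "syscall": SYSCALLS.get((arch, int(sc["syscall"])), sc["syscall"]),
            "errno": errno.errorcode.get(-int(sc["exit"]), sc["exit"]),
            "domain": sc["subj"].split(":")[2],
            "perms": avc.get("perms"),           # None when no AVC was captured
            "target_type": avc["tcontext"].split(":")[2] if avc else None,
        })
    return out
```

On the report's record alone this yields an EACCES from stat64 in the httpd_t domain with no permission or target type, which is why the paired AVC record is the one to look for in audit.log.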