| Summary: | SELinux is preventing httpd from 'getattr' accesses on the file /var/www/realwebtest/index.php. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Diego Garcia <diego.angc> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 23 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl, plautrba |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:f41db01964b2c9adc8abc5a12ccc0876e094045338c9e30dd11daba40d367f98;VARIANT_ID=workstation; | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-04-12 10:08:34 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Do you have a dosfs mounted on /var/www/realwebtest, or was this a file you mv'd to this location. If it was mv'd the alert told you what to do. ***** Plugin restorecon (99.5 confidence) suggests ************************ If quiere arreglar la etiqueta. La etiqueta predeterminada de /var/www/realwebtest/index.php debería ser httpd_sys_content_t. Then puede ejecutar restorecon. Do # /sbin/restorecon -v /var/www/realwebtest/index.php |
Description of problem: SELinux is preventing httpd from 'getattr' accesses on the file /var/www/realwebtest/index.php. ***** Plugin restorecon (99.5 confidence) suggests ************************ If quiere arreglar la etiqueta. La etiqueta predeterminada de /var/www/realwebtest/index.php debería ser httpd_sys_content_t. Then puede ejecutar restorecon. Do # /sbin/restorecon -v /var/www/realwebtest/index.php ***** Plugin catchall (1.49 confidence) suggests ************************** If cree que de manera predeterminada, httpd debería permitir acceso getattr sobre index.php file. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep httpd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:httpd_t:s0 Target Context system_u:object_r:dosfs_t:s0 Target Objects /var/www/realwebtest/index.php [ file ] Source httpd Source Path httpd Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-158.12.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.4.6-301.fc23.x86_64 #1 SMP Wed Mar 30 16:43:58 UTC 2016 x86_64 x86_64 Alert Count 15 First Seen 2016-04-11 08:53:51 COT Last Seen 2016-04-11 09:04:31 COT Local ID 9b7d1713-05f8-4213-b4d9-8b6c940dac7a Raw Audit Messages type=AVC msg=audit(1460383471.677:472): avc: denied { getattr } for pid=9812 comm="httpd" path="/var/www/realwebtest/index.php" dev="dm-0" ino=12191473 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:dosfs_t:s0 tclass=file permissive=0 Hash: httpd,httpd_t,dosfs_t,file,getattr Version-Release number of selected component: selinux-policy-3.13.1-158.12.fc23.noarch Additional info: reporter: libreport-2.6.4 hashmarkername: setroubleshoot kernel: 4.4.6-301.fc23.x86_64 type: libreport