Bug 139898

Summary: php session management does not work
Product: [Fedora] Fedora Reporter: Johannes Schmid <schmid>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-11-19 14:13:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Johannes Schmid 2004-11-18 18:02:54 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3)
Gecko/20040910

Description of problem:
When using PHP and using the session_start to start a new session, the
current selinux targeted policy denies writing the session data file.

I tested both the policy that comes with FC3 and the latest version I
downloaded from ftp://people.redhat.com/dwalsh/SELinux/FC3

The audit message I get is:
avc:  denied  { write } for  pid=2245 exe=/usr/sbin/httpd
name=sess_06fefce137c6212d30abd148f3f43736 dev=hda3 ino=52451
scontext=user_u:system_r:httpd_t tcontext=root:object_r:var_lib_t
tclass=file


The PHP script used for testing is:
<?php
session_start();
?>


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.31

How reproducible:
Always

Steps to Reproduce:
1. execute above php script
    

Actual Results:  creation of session fails; PHP error message is:
session_start():
open(/var/lib/php/session/sess_06fefce137c6212d30abd148f3f43736,
O_RDWR) failed: Permission denied (13)

Expected Results:  a successful creation of a session file
Comment 1 Daniel Walsh 2004-11-18 18:41:46 UTC 
restorecon -R -v /var/lib/php/session should fix this.

Dan
Comment 2 Johannes Schmid 2004-11-19 10:15:43 UTC 
thanks, this did help. Works perfectly now.