Bug 146471
Summary: | httpd UserDir doesn't work | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Chris Lee <clee> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | RHBA-2005-251 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-01-31 14:21:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Chris Lee
2005-01-28 17:21:06 UTC
Using the audit2allow tool to scan /var/log/messages (got that tip from Jeff Needle), this line was suggested: allow httpd_t autofs_t:dir { getattr search }; Not sure where to put that, though. Fixed in selinux-policy-targeted-1.17.30-2.75 I've verified this works for NFS dirs, which Chris was trying, but it still fails for an ordinary user home directory. Apr 22 15:58:31 localhost kernel: audit(1114199911.371:0): avc: denied { getattr } for pid=3766 exe=/usr/sbin/httpd path=/home/foo/public_html dev=dm-0 ino=1880509 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=dir [root@localhost ~]# ls -lRZ /home/foo /home/foo: drwxr-xr-x foo foo user_u:object_r:user_home_t public_html /home/foo/public_html: -rw-rw-r-- foo foo user_u:object_r:user_home_t index.html try a restorecon on it restorecon -R /home/foo/public_html Or if that does not work. chcon -R user_u:object_r:httpd_user_content_t /home/foo/public_html Ok, restorecon did the trick. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2005-251.html |