Bug 164700

Summary: fopen refuses to open URL when selinux enforced
Product: [Fedora] Fedora
Reporter: Jirka Pech <fedorabugs>
Component: php
Assignee: Joe Orton <jorton>
Status: CLOSED NOTABUG
QA Contact: David Lawrence <dkl>
Severity: high
Priority: medium
Version: 4
CC: dwalsh, sgrubb
Keywords: SELinux
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2005-08-01 07:51:49 UTC
Attachments: Audit log (flags: none)

Description Jirka Pech 2005-07-30 15:48:11 UTC
Hi Joe, Dan and Steven,
I'm not sure if this is a php, selinux or audit issue, so please forgive me
that I addressed it to you all. Possibly, it may be an upgrade issue, so please
forward this to whom it may concern.

Thank you,
Jirka Pech

Description of problem:

I have this simple php script on my FC4 box (upgraded from FC3):

<?php
  $fp = fopen("http://hq.cz", "r");
  if (! $fp) die('error');
  fclose($fp);
?>

which fails with:

Warning: fopen(http://hq.cz) [function.fopen]: failed to open stream: Permission
denied in /.. path removed ../test.php on line 2

Version-Release number of selected component (if applicable):
audit-libs-0.9.19-2.FC4
audit-0.9.19-2.FC4
selinux-policy-targeted-1.25.3-6 (tried also with 1.25.3-8)
libselinux-1.23.10-2
php-5.0.4-10.3
php-imap-5.0.4-10.3
php-mbstring-5.0.4-10.3
php-devel-5.0.4-10.3
php-pear-5.0.4-10.3
php-ldap-5.0.4-10.3
php-mysql-5.0.4-10.3
php-xmlrpc-5.0.4-10.3
php-gd-5.0.4-10.3
php-soap-5.0.4-10.3

How reproducible:
Always.

Steps to Reproduce:
1. Install FC3 and upgrade to FC4.
2. Run example script.
  
Actual results:
- fopen call fails with warning and there is no message in audit log concerning
that, even if the URL opening has been refused by SELinux targeted policy

Expected results:
- fopen should open the URL without any problem

Additional info:
- there is a strange message in audit log (please focus on line 4 of the
attachment) when trying to restart audit daemon,
- allow_url_fopen is enabled in php.ini

Everything works fine when:
- setenforce 0 is called,
- setenforce 1 is called but the script is called from the command line using
php -q test.php

Comment 1 Jirka Pech 2005-07-30 15:48:11 UTC
Created attachment 117311 [details]
Audit log

Comment 2 Joe Orton 2005-08-01 07:51:49 UTC
Please try "setsebool httpd_can_network_connect=1" (with -P to make the change
permanent).

Comment 3 Jirka Pech 2005-08-01 08:01:29 UTC
Thank you, Joe. It works, but it does not solve the problem with unrecognized
netlink message. Do you have any clue what it means? Should I report it as a
separate auditd bug?

Jirka Pech


Comment 4 Joe Orton 2005-08-01 08:17:19 UTC
If you are running the latest updates, then yes please.

Comment 5 Steve Grubb 2005-08-01 11:29:26 UTC
The unrecognized netlink message is covered by bz #163500, #155480, and #163175.
So... it's well documented.
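
The check behind Comment 2, as an added example that is not part of the original bug thread: it decides from the enforcing mode and the httpd_can_network_connect boolean whether outbound connections from httpd_t are blocked, and lists the destination ports of any matching AVC denials. The function names are hypothetical, and the audit records are constructed in the AVC layout current kernels log.

```shell
#!/bin/sh
# Added example (not from the bug report): triage of "Permission denied" on
# outbound connections made by PHP inside Apache (SELinux domain httpd_t).

# Constructed audit records; pids, ports and contexts are invented.
sample_audit() {
cat <<'EOF'
type=AVC msg=audit(1122738491.123:101): avc:  denied  { name_connect } for  pid=2301 comm="httpd" dest=80 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1122738495.456:102): avc:  denied  { read } for  pid=2310 comm="httpd" name="secret" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1122738499.789:103): avc:  denied  { name_connect } for  pid=2400 comm="named" dest=8080 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
EOF
}

# Print destination ports of outbound TCP connects denied to httpd_t.
# Other source domains and other permissions are ignored.
httpd_connect_denials() {
    awk '/avc: +denied/ && / name_connect / && /tclass=tcp_socket/ &&
         /scontext=[^ ]*:httpd_t(:| |$)/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^dest=[0-9]+$/) print substr($i, 6)
         }' | sort -un
}

# True when getsebool output reports the boolean disabled
# (current tools print "off"; older ones print "inactive").
bool_is_off() {
    case "$1" in
        *"--> off"*|*"--> inactive"*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = getenforce output, $2 = getsebool output, stdin = audit records.
# The boolean state decides the verdict; AVC records only add detail, because
# (as in this report) the denial may not show up in the audit log at all.
triage() {
    ports=$(httpd_connect_denials | tr '\n' ' ')
    ports=${ports% }
    if [ "$1" = "Enforcing" ] && bool_is_off "$2"; then
        echo "blocked-by-boolean ports=${ports:-none}"
    else
        echo "not-this-boolean"
    fi
}

# On a live host:
#   triage "$(getenforce)" "$(getsebool httpd_can_network_connect)" \
#       < /var/log/audit/audit.log
sample_audit | triage Enforcing "httpd_can_network_connect --> off"
```

The boolean applies to the httpd_t domain only, which is consistent with the report that the same script works when run with php -q from the command line.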