Bug 238277
Summary: | selinux prevents httpd to read user home directories | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Stefan Becker <chemobejk> |
Component: | anaconda | Assignee: | Anaconda Maintenance Team <anaconda-maint-list> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | rawhide | CC: | dwalsh |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2007-05-02 21:36:57 UTC | Type: | --- |
Description
Stefan Becker
2007-04-28 17:59:23 UTC
getattr rights are required too:

```
module local 1.0;

require {
        type httpd_t;
        type default_t;
        class dir { search getattr };
}

#============= httpd_t ==============
allow httpd_t default_t:dir { search getattr };
```

Your home directories are mislabeled. They should be labeled something like user_home_dir_t and user_home_t. Try

```
restorecon -R -v ~user
```

Are these home directories in a different location?

Home directory:

```
drwx--x--x user_u:object_r:user_home_dir_t stefanb stefanb .
drwxr-xr-x system_u:object_r:default_t root root ..
```

/home/stefanb/public_html is a mounted LVM partition:

```
drwxrwxrwx user_u:object_r:httpd_sys_content_t stefanb stefanb public_html
```

top-level inside public_html:

```
drwxrwxrwx user_u:object_r:httpd_sys_content_t stefanb stefanb .
drwx--x--x user_u:object_r:user_home_dir_t stefanb stefanb ..
-rw-rw-r-- user_u:object_r:httpd_sys_content_t stefanb stefanb index.html
```

I reran restorecon:

```
$ /sbin/restorecon -v $HOME
$ /sbin/restorecon -v $HOME/public_html
$ /sbin/restorecon -v $HOME/public_html/*
$
```

As you can see there were no changes. The same setup worked OK in FC6. Maybe httpd is not allowed to access the mounted partition? How can I grant access?

```
restorecon -v /home
```

Yep, that seems to have corrected it:

```
# restorecon -v /home
restorecon reset /home context system_u:object_r:default_t:s0->system_u:object_r:home_root_t:s0
```

/home is also a mounted LVM partition which I of course did not format during F7test4 installation. Does this mean the security context of /home changed from FC6 to F7? Maybe the installer should always run restorecon on unchanged, but mounted partitions?

No they are the same. Did you rm -rf /home after the install and then mkdir /home and mount on top of it? That is the only way I can think of /home getting the wrong context on it, unless there is a bug in the installer.

Nope, just set the mount point for the partition in the installer to /home and disabled formatting option.

Well maybe it'll always be a mystery :-)

Ok in that case this looks like a potential Anaconda problem.

The problem is that genhomedircon grew a dep on libselinux-python and anaconda doesn't include that in its minimal image. Added in CVS.
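
In this report, running restorecon on $HOME changed nothing because the wrong label was on a parent directory, /home. The following is an added example, not part of the original bug report or of any Fedora tool: it checks every ancestor directory of a web root for a suspect type. The function names, the `root_t` label on `/` and the choice of `default_t` as the only suspect type are assumptions; the other sample labels are taken from the listings above.

```python
import re
import subprocess
from pathlib import PurePosixPath

# user:role:type with an optional MLS level, e.g. system_u:object_r:default_t:s0
CONTEXT_RE = re.compile(r"^\w+:\w+:(\w+)(?::\S+)?$")

def selinux_type(ls_line):
    """Return the type field of the first SELinux context token in an ls -Z line."""
    for token in ls_line.split():
        match = CONTEXT_RE.match(token)
        if match:
            return match.group(1)
    return None

def ancestors(path):
    """Every directory httpd must search to reach path, from / downwards."""
    p = PurePosixPath(path)
    return [str(a) for a in list(p.parents)[::-1]] + [str(p)]

def ls_context(path):
    """Live lookup on a real system; needs an SELinux-aware ls."""
    return subprocess.run(["ls", "-dZ", path],
                          capture_output=True, text=True).stdout

def mislabeled(path, lookup=ls_context, suspect=("default_t",)):
    """Return (directory, type) for each path component carrying a suspect type."""
    hits = []
    for directory in ancestors(path):
        found = selinux_type(lookup(directory) or "")
        if found in suspect:
            hits.append((directory, found))
    return hits

# Constructed sample: labels for /home and below follow the listings in this
# report; the label on / is an assumption.
SAMPLE = {
    "/": "dr-xr-xr-x system_u:object_r:root_t root root /",
    "/home": "drwxr-xr-x system_u:object_r:default_t root root /home",
    "/home/stefanb":
        "drwx--x--x user_u:object_r:user_home_dir_t stefanb stefanb /home/stefanb",
    "/home/stefanb/public_html":
        "drwxrwxrwx user_u:object_r:httpd_sys_content_t stefanb stefanb public_html",
}

if __name__ == "__main__":
    for directory, found in mislabeled("/home/stefanb/public_html", SAMPLE.get):
        print(f"{directory} is {found}; try: restorecon -v {directory}")
```

Calling `mislabeled(path)` without the `lookup` argument queries the live filesystem through `ls -dZ` instead of the sample table.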