Bug 619528
Summary: | SELinux is preventing the HTTP daemon from reading users' home directories. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Marek Zdunek <mzdunek> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 13 | CC: | deep.shah9, dwalsh, eingorn777, hobbes1069, joamorim, kwpolska, mbooth, mgrepl, pislogan, tcfxfzoi, vwfoxguru |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | setroubleshoot_trace_hash:7e530e5bcc83a024fff993905180e3f360a8f33a7840285476fc94dff1d938fe | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2010-07-29 18:52:07 UTC | Type: | --- |
Description
Marek Zdunek
2010-07-29 18:18:48 UTC
    #============= httpd_t ==============
    #!!!! This avc is allowed in the current policy
    allow httpd_t user_home_dir_t:dir search;

It is strange, but in my case all lines which previously referenced subdirectories in my home directory were STRICTLY commented out in httpd.conf and conf.d. So why does the httpd daemon try to read my home directory again and again?

Do you have a separate file system mounted there? httpd might be doing a search of all mounted file systems.

I have a separate filesystem, /home. Partial content of fstab:

    $ cat /etc/fstab
    <SKIP>
    / ext3 defaults 1 1
    /home ext3 defaults 1 2
    /var ext3 defaults 1 2
    /tmp ext3 defaults 1 2
    /usr ext3 defaults 1 2
    /usr/local ext3 defaults 1 2
    /boot ext3 defaults 1 2
    <SKIP>
    $ uname -r
    2.6.34.7-56.fc13.i686

Why is httpd searching for SUBdirectories in /home? (I have apache for development purposes, so port 80 is firewall protected. So it's obviously the local apache that "is playing pranks". And what's more, this SELinux alert (harmless, but annoying) springs up only once at system start.)

How are you starting httpd? If you use the service httpd start script, you should not see this avc. If you execute /etc/init.d/httpd start from your home dir you would.
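A triage sketch for the denial discussed in this thread, added here as an example and not taken from the bug report or from selinux-policy: it groups audit records by event and checks whether an `httpd_t` search denial on `user_home_dir_t` came from a process whose working directory was under `/home`, which is the cause suggested in the last comment. The log lines, the presence of `CWD` records, the `/home` root and the result labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed audit.log records (not from the bug report); pids, serials and paths are made up.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1280427500.101:41): avc:  denied  { search } for  pid=1801 comm="httpd" name="marek" dev=sda5 ino=12 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1280427500.101:41): arch=40000003 syscall=195 success=no exit=-13 pid=1801 comm="httpd" exe="/usr/sbin/httpd"
type=CWD msg=audit(1280427500.101:41):  cwd="/home/marek"
type=AVC msg=audit(1280427900.552:77): avc:  denied  { search } for  pid=2210 comm="httpd" name="marek" dev=sda5 ino=12 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=CWD msg=audit(1280427900.552:77):  cwd="/"
type=AVC msg=audit(1280428000.007:80): avc:  denied  { read } for  pid=2300 comm="sshd" name="x" dev=sda5 ino=99 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
"""

EVENT_RE = re.compile(r"^type=(\w+) msg=audit\(([\d.]+:\d+)\):\s*(.*)$")
AVC_RE = re.compile(r"denied\s+\{ ([^}]*)\}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)")
CWD_RE = re.compile(r'cwd="([^"]*)"')

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def triage(log_text, home_root="/home"):
    """Return (event_id, cwd, label) for each httpd_t -> user_home_dir_t search denial."""
    events = defaultdict(dict)  # event id "timestamp:serial" -> {record type: body}
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            events[m.group(2)][m.group(1)] = m.group(3)
    findings = []
    for event_id, recs in events.items():
        avc = AVC_RE.search(recs.get("AVC", ""))
        if not avc:
            continue
        perms, scon, tcon, tclass = avc.groups()
        triple = (selinux_type(scon), selinux_type(tcon), tclass)
        if triple != ("httpd_t", "user_home_dir_t", "dir") or "search" not in perms.split():
            continue
        cwd = CWD_RE.search(recs.get("CWD", ""))
        path = cwd.group(1) if cwd else None
        in_home = path is not None and (path == home_root or path.startswith(home_root + "/"))
        # "cwd-in-home": consistent with starting the init script from a home directory.
        findings.append((event_id, path, "cwd-in-home" if in_home else "check-config"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_AUDIT_LOG):
        print(finding)
```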