Bug 722591

Summary: SELinux labeling seemingly not correct
Product: [Fedora] Fedora EPEL Reporter: Patrick C. F. Ernzer <pcfe>
Component: wordpressAssignee: Remi Collet <fedora>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: el6CC: awilliam, mgrepl, rcollet, xenophon+redhatbugzilla
Target Milestone: ---Keywords: SELinux
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 717790    
Bug Blocks:    

Description Patrick C. F. Ernzer 2011-07-15 14:31:24 EDT
Description of problem:
I just installed wordpress-3.1.4-1.el5 on a CentOS5 box. With default config access to /var/www/html/wp-content fails
[Fri Jul 15 05:26:50 2011] [error] [client 88.115.2.127] File does not exist: /var/www/html/wp-content, referer: http://www.pcfe.net/wordpress/

a bit of searching gave me bug 522897 and indeed setting the selinux label to system_u:object_r:httpd_sys_content_t helps as expected.

Version-Release number of selected component (if applicable):
wordpress-3.1.4-1.el5

How reproducible:
did not try

Steps to Reproduce:
1. have a rather minimal CentOS5 box
2. install wordpress, it's dependencies and mysql-server
3. nail down mysql with /usr/bin/mysql_secure_installation
4. follow /usr/share/doc/wordpress-3.1.4/README.fedora
  
Actual results:
wordpress not fully functional

Expected results:
wordpress works

Additional info:
seeing that Bug 522897 is fixed, this might well be a fluke on this end, want me to reproduce in a KVM guest?
Comment 1 Matěj Cepl 2011-07-15 15:02:20 EDT
Miroslav
Comment 2 Matěj Cepl 2011-07-15 15:07:20 EDT
Sorry, that should be

Miroslav, could you take a look, please?
Comment 3 Miroslav Grepl 2011-07-19 08:14:37 EDT
Patrick, 
what does

# matchpathcon /var/www/html/wp-content
Comment 4 Patrick C. F. Ernzer 2011-07-19 10:55:25 EDT
silly me, in description I should have put /usr/share/wordpress/wp-content which is where the content lives in default config (if I remember correctly)

[root@centos5 ~]# matchpathcon /usr/share/wordpress/wp-content
/usr/share/wordpress/wp-content	system_u:object_r:usr_t
[root@centos5 ~]# ls /var/www/html/wp-content
ls: /var/www/html/wp-content: No such file or directory
[root@centos5 ~]# rpm -qf /var/www/html/wp-content
error: file /var/www/html/wp-content: No such file or directory
[root@centos5 ~]# rpm -ql wordpress|grep www
[root@centos5 ~]# matchpathcon /var/www/html/wp-content
/var/www/html/wp-content	system_u:object_r:httpd_sys_content_t
[root@centos5 ~]# rpm -ql wordpress|grep content|head -n 1
/usr/share/wordpress/wp-content

So if I am not mistaken, the fix would be for wordpress-3.1.4-1.el5 to put wp-content in /var/www/html/ and not /usr/share/wordpress/ and maybe adjust the default config (if my memory of it using the directory under /usr is correct)
Comment 5 Matěj Cepl 2014-01-24 04:47:10 EST
I have instead this in my semanage fcontext -l -C (showin only the relevant lines):

root@luther: ~# semanage fcontext -C -l
SELinux fcontext                                   type               Context

/usr/share/wordpress/.*\.php$                      all files          system_u:object_r:httpd_sys_script_exec_t:s0 
/usr/share/wordpress/wp-content/.*\.log$           all files          system_u:object_r:httpd_sys_rw_content_t:s0 
/usr/share/wordpress/wp-content/upgrade(/.*)?      all files          system_u:object_r:httpd_sys_rw_content_t:s0 
/usr/share/wordpress/wp-content/wp-plugin(/.*)?    all files          system_u:object_r:httpd_sys_rw_content_t:s0 

SELinux Local fcontext Equivalence 

root@luther: ~#