Bug 882347

Summary: SELinux is preventing /usr/sbin/php-fpm from 'getattr' accesses on the directory /home/mikhail.
Product: [Fedora] Fedora
Reporter: Mikhail <mikhail.v.gavrilov>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 18
CC: dominick.grift, dwalsh, mgrepl, mikhail.v.gavrilov
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard: abrt_hash:a66d26b85b214692111d20beba27f85ab565c2e7966fd08386b073a38efe6666
Doc Type: Bug Fix
Last Closed: 2012-11-30 19:06:46 UTC

Description Mikhail 2012-11-30 18:05:19 UTC
Additional info:
hashmarkername: setroubleshoot
kernel:         3.6.7-5.fc18.i686.PAE
type:           libreport

Comment 1 Mikhail 2012-11-30 18:05:22 UTC
Created attachment 655167 [details]
File: description

Comment 2 Daniel Walsh 2012-11-30 19:06:46 UTC
Did you read the alert?  It told you what to do.

Comment 3 Daniel Walsh 2012-11-30 19:07:06 UTC
*** Bug 882349 has been marked as a duplicate of this bug. ***

Comment 4 Mikhail 2012-11-30 19:17:54 UTC
(In reply to comment #2)
> Did you read the alert?  It told you what to do.

My PHP code is stored in my home directory. Why can't I use it from there?

Comment 5 Daniel Walsh 2012-11-30 19:24:18 UTC
You can, you just need to set the SELinux booleans to tell the system that apache (httpd_t) will be using home directories.

man httpd_selinux

Explains this also.


*****  Plugin catchall_boolean (47.5 confidence) suggests  *******************

If you want to httpd_read_user_content
Then you must tell SELinux about this by enabling the 'httpd_read_user_content' boolean.You can read 'user_selinux' man page for more details.
Do
setsebool -P httpd_read_user_content 1

*****  Plugin catchall_boolean (47.5 confidence) suggests  *******************

If you want to httpd_enable_homedirs
Then you must tell SELinux about this by enabling the 'httpd_enable_homedirs' boolean.You can read 'user_selinux' man page for more details.
Do
setsebool -P httpd_enable_homedirs 1
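
Added example, not part of the bug report or of setroubleshoot: a bash helper that pulls the booleans suggested by the catchall_boolean plugin out of alert text like the one quoted in comment 5, shows each one's current state, and prints the runtime-only setsebool form (without -P) so a change can be tried before it is made persistent. The function names and the abridged sample text are assumptions of this example.

```bash
# Added example: list the booleans a setroubleshoot alert suggests so each
# one can be reviewed before it is enabled. Nothing is changed on the system.

# Constructed sample: the alert quoted in comment 5, abridged.
SAMPLE_ALERT="$(cat <<'EOF'
*****  Plugin catchall_boolean (47.5 confidence) suggests  *******************
If you want to httpd_read_user_content
Do
setsebool -P httpd_read_user_content 1

*****  Plugin catchall_boolean (47.5 confidence) suggests  *******************
If you want to httpd_enable_homedirs
Do
setsebool -P httpd_enable_homedirs 1
EOF
)"

# suggested_booleans (hypothetical name): read alert text on stdin and print
# "<boolean> <confidence>" for every catchall_boolean suggestion.
suggested_booleans() {
  awk '
    /Plugin catchall_boolean \(/ {
      conf = $0
      sub(/^.*\(/, "", conf); sub(/ confidence\).*$/, "", conf)
    }
    /^setsebool / {
      # Accept only "setsebool [-P] <name> 1" with a plain identifier.
      name = ($2 == "-P") ? $3 : $2
      if (name ~ /^[a-z0-9_]+$/ && conf != "") print name, conf
      conf = ""
    }
  '
}

# review_booleans (hypothetical name): show the current state of each
# suggested boolean and the runtime-only command (no -P) to try first.
review_booleans() {
  suggested_booleans | while read -r name conf; do
    state="$(getsebool "$name" 2>/dev/null || echo "$name --> unknown")"
    printf '%s  [confidence %s]\n  try: setsebool %s 1\n' "$state" "$conf" "$name"
  done
}

printf '%s\n' "$SAMPLE_ALERT" | review_booleans
```

On a host without getsebool, or with SELinux disabled, the state is reported as unknown rather than failing.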

Comment 6 Mikhail 2012-12-01 07:23:25 UTC
I ran sudo setsebool -P httpd_enable_homedirs 1
but php-fpm still cannot write to the home directory :(

This is the PHP code:
if(($handler = fopen($program_dir.'/logs/'.$user.'-'.$fname, "a")) !== false)

please see https://bugzilla.redhat.com/show_bug.cgi?id=882467


Why is it so hard to run PHP scripts in F18? In F17 it would be much easier.