Bug 966321
Summary: | SELinux is preventing /usr/bin/perl from 'write' accesses on the file /var/www/html/bugzilla/data/db/bugs. | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Moez Roy <moez.roy> |
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 18 | CC: | dominick.grift, dwalsh, mgrepl, moez.roy |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | abrt_hash:7af975850e189fb3e298e5e26eca6ed091e7f4a232021a09ae7ac78ae0cdabe9 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-05-28 09:07:19 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Moez Roy
2013-05-23 04:15:42 UTC
The alert tells you what to do. Either you can change labeling to httpd_sys_rw_content_t or you can turn on the httpd_unified boolean. What does # rpm -qf /var/www/html/bugzilla/data/db *** Bug 966322 has been marked as a duplicate of this bug. *** *** Bug 966323 has been marked as a duplicate of this bug. *** (In reply to Miroslav Grepl from comment #2) > What does > > # rpm -qf /var/www/html/bugzilla/data/db This was not installed using rpm/yum because it puts the data any lots of places, and it is not up to date. I changed the labeling to httpd_sys_rw_content_t but it did not work. http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-4.4.tar.gz 1. extracted to home dir. 2. ran ./checksetup.pl as root (it was not working as regular user) 3. renamed folder bugzilla-4.4 to bugzilla. 4. cut and paste bugzilla folder to /var/www/html 5. in /etc/httpd/conf.d make a file called bugzilla.conf with the following code: <Directory /var/www/html/bugzilla> AddHandler cgi-script .cgi Options +ExecCGI DirectoryIndex index.cgi index.html AllowOverride Limit FileInfo Indexes Options </Directory> 6. sudo service httpd start 7. Go here http://localhost/bugzilla What was wrong with httpd_sys_rw_content_t? I did this:(In reply to Miroslav Grepl from comment #6) > What was wrong with httpd_sys_rw_content_t? I did: sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/bugzilla/data/db/bugs' sudo restorecon -v '/var/www/html/bugzilla/data/db/bugs' I also checked the auto relabel on reboot box inside the system-config-selinux gui, and did a reboot. But I was getting 500 internal server error and/or 403 forbidden. When I turned on httpd_unified boolean then it started to work in enforcing mode. Probably httpd_sys_rw_content_t is also needed for /var/www/html/bugzilla/data directory. You can test it using # chcon -R -t httpd_sys_rw_content_t /var/www/html/bugzilla/data Yes, it can be allowed by the boolean. |