Description of problem: When running through the web based installation of Joomla 3.2, SELinux blocks the final stage of the setup of removing installation directory and saving configuration file. Version-Release number of selected component (if applicable): Joomla 3.2.3 httpd 2.4.7-3.f20 selinux-policy-3.12.1-122.fc20 How reproducible: Every time Steps to Reproduce: (Steps based on joomla rpm https://bugzilla.redhat.com/show_bug.cgi?id=1074714) 1. yum install joomla 2. service httpd start 3. browse to http://ip/joomla/ and run through setup Actual results: Once the setup reaches the last page, it will fail to save configuration.php as well as fail to delete the installation directory Expected results: Setup should automatically save configuration.php and the installation directory should successfully be removed when clicking the delete button. Additional info: AVC denials that are present when SELinux is permissive is as follows: type=AVC msg=audit(1394492490.924:1283): avc: denied { write } for pid=4526 comm="httpd" name="joomla" dev="dm-1" ino=1970901 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir type=AVC msg=audit(1394492530.383:1284): avc: denied { add_name } for pid=4850 comm="httpd" name="configuration.php" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir type=AVC msg=audit(1394492530.383:1284): avc: denied { create } for pid=4850 comm="httpd" name="configuration.php" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file type=AVC msg=audit(1394492530.383:1284): avc: denied { write } for pid=4850 comm="httpd" path="/var/www/joomla/configuration.php" dev="dm-1" ino=1972147 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file type=AVC msg=audit(1394492551.580:1285): avc: denied { write } for pid=4852 comm="httpd" name="configuration.php" dev="dm-1" ino=1972147 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file type=AVC msg=audit(1394492552.681:1286): avc: denied { setattr } for pid=4852 comm="httpd" name="CHANGELOG" dev="dm-1" ino=2102676 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file type=AVC msg=audit(1394492552.682:1287): avc: denied { remove_name } for pid=4852 comm="httpd" name="CHANGELOG" dev="dm-1" ino=2102676 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir type=AVC msg=audit(1394492552.682:1287): avc: denied { unlink } for pid=4852 comm="httpd" name="CHANGELOG" dev="dm-1" ino=2102676 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file type=AVC msg=audit(1394492552.684:1288): avc: denied { rmdir } for pid=4852 comm="httpd" name="application" dev="dm-1" ino=2102685 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir type=AVC msg=audit(1394492552.756:1289): avc: denied { rename } for pid=4852 comm="httpd" name="robots.txt.dist" dev="dm-1" ino=1971572 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
Try to execute # chcon -R -t httpd_sys_rw_content_t /var/www/joomla to see if everything works correctly.
Also what does $ rpm -qf /var/www/joomla i don't see in on my rawhide system.
(In reply to Miroslav Grepl from comment #1) > Try to execute > > # chcon -R -t httpd_sys_rw_content_t /var/www/joomla > > to see if everything works correctly. This works perfectly. No output in audit.log and no restrictions in function. By the way, this is not in rawhide as yet as it is still under package review. The location has been moved to /usr/share, however the following worked perfectly. chcon -R -t httpd_sys_rw_content_t /usr/share/joomla/
Added.