Hide Forgot
Description of problem: SELinux is preventing /usr/sbin/httpd from 'search' accesses on the directory . ***** Plugin catchall (100. confidence) suggests ************************** If вы считаете, что httpd следует разрешить доступ search к directory по умолчанию. Then рекомендуется создать отчет об ошибке. Чтобы разрешить доступ, можно создать локальный модуль политики. Do чтобы разрешить доступ, выполните: # grep httpd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:httpd_t:s0 Target Context unconfined_u:object_r:openvpn_etc_t:s0 Target Objects [ dir ] Source httpd Source Path /usr/sbin/httpd Port <Unknown> Host (removed) Source RPM Packages httpd-2.4.10-1.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-179.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.15.6-200.fc20.x86_64 #1 SMP Fri Jul 18 02:36:27 UTC 2014 x86_64 x86_64 Alert Count 11 First Seen 2014-07-28 13:15:36 YEKT Last Seen 2014-08-03 03:42:05 YEKT Local ID 0657c831-986d-4ce6-b3d1-27d3e991408c Raw Audit Messages type=AVC msg=audit(1407015725.362:1058): avc: denied { search } for pid=2780 comm="httpd" name="openvpn" dev="dm-0" ino=3932242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:openvpn_etc_t:s0 tclass=dir type=SYSCALL msg=audit(1407015725.362:1058): arch=x86_64 syscall=stat success=no exit=ENOENT a0=7ff413da9b90 a1=7ffff4185730 a2=7ffff4185730 a3=0 items=0 ppid=1405 pid=2780 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null) Hash: httpd,httpd_t,openvpn_etc_t,dir,search Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.15.6-200.fc20.x86_64 type: libreport Potential duplicate: bug 817333
Did it happen by default or did you setup apache module?
I didn't setup modules manually. So I can tell: by default. (In reply to Miroslav Grepl from comment #1) > Did it happen by default or did you setup apache module?
Did everything work correctly?
Apache searches everywhere somewhat randomly, never quite figured out why, In F21/Rawhide we allow httpd to search all directories, since apache content could be anywhere, I think we should just allow this
Fix is included in actual stable build. #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t openvpn_etc_t:dir search;
This message clear anactual needinfo reqs.