Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: SELinux is preventing php-fpm from 'create' accesses on the file sql.log. ***** Plugin catchall_boolean (89.3 confidence) suggests ****************** If you want to allow httpd to unified Then you must tell SELinux about this by enabling the 'httpd_unified' boolean. You can read 'None' man page for more details. Do setsebool -P httpd_unified 1 ***** Plugin catchall (11.6 confidence) suggests ************************** If you believe that php-fpm should be allowed create access on the sql.log file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep php-fpm /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:httpd_t:s0 Target Context system_u:object_r:httpd_user_content_t:s0 Target Objects sql.log [ file ] Source php-fpm Source Path php-fpm Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-128.4.fc22.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.0.7-300.fc22.i686 #1 SMP Mon Jun 29 22:52:18 UTC 2015 i686 i686 Alert Count 1 First Seen 2015-07-12 05:45:16 YEKT Last Seen 2015-07-12 05:45:16 YEKT Local ID 14cbe107-01a7-47a3-a71c-497ca902b90e Raw Audit Messages type=AVC msg=audit(1436661916.706:2501): avc: denied { create } for pid=6893 comm="php-fpm" name="sql.log" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_user_content_t:s0 tclass=file permissive=1 Hash: php-fpm,httpd_t,httpd_user_content_t,file,create Version-Release number of selected component: selinux-policy-3.13.1-128.4.fc22.noarch Additional info: reporter: libreport-2.6.0 hashmarkername: setroubleshoot kernel: 4.0.7-300.fc22.i686 type: libreport
*** This bug has been marked as a duplicate of bug 1242248 ***