1257584 – Lack of SELinux fcontexts for php55-php-fpm

Bug 1257584 - Lack of SELinux fcontexts for php55-php-fpm

Summary: Lack of SELinux fcontexts for php55-php-fpm

Keywords:
Status:	CLOSED EOL
Alias:	None
Product:	Red Hat Software Collections
Classification:	Red Hat
Component:	php55
Sub Component:
Version:	php55
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Remi Collet
QA Contact:	BaseOS QE - Apps
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-08-27 12:02 UTC by cac2s
Modified:	2017-03-31 14:55 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-03-31 14:55:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description cac2s 2015-08-27 12:02:14 UTC

Description of problem:
Lack of SELinux fcontexts for php55-php-fpm package


Version-Release number of selected component (if applicable):
$ yum info php55-php-fpm
Name        : php55-php-fpm
Arch        : x86_64
Version     : 5.5.6
Release     : 13.el6
Size        : 3.7 M
Repo        : installed
From repo   : rhel-server-rhscl-6-rpms

How reproducible:
The uploaded files has incorrect fcontext while uploading with WordPress Media Library

Steps to Reproduce:
1. Upload some file as described above
2. # ls -lZ /var/www/example.com/public_html/wp-content/uploads/2015/08/bgTop2.jpg 
-rw-r--r--. www-owner www-owner unconfined_u:object_r:initrc_tmp_t:s0 /var/www/example.com/public_html/wp-content/uploads/2015/08/bgTop2.jpg

As a result, the Apache can not read these files...

Additional info:

The fcontext templates are defined:

# semanage fcontext -l | egrep \/var\/www.*\/public_html\/wp-content
/var/www/[^/]*/public_html/wp-content/(uploads|upgrade)(/.*)? all files          system_u:object_r:httpd_sys_rw_content_t:s0

The command

# restorecon -R /var/www/

fixes fcontext, but for already uploaded only...

To fix this problem:

# semanage fcontext -a -t httpd_exec_t "/opt/[^/]*/[^/]*/root/usr/sbin/php-fpm"
# semanage fcontext -a -t httpd_log_t "/opt/[^/]*/[^/]*/root/var/log/php-fpm(/.*)?"
# semanage fcontext -a -t httpd_var_run_t "/opt/[^/]*/[^/]*/root/var/run/php-fpm(/.*)?"
# semanage fcontext -a -t httpd_var_run_t "/opt/[^/]*/[^/]*/root/var/lib/php/session(/.*)?"
# restorecon /opt/rh/php55/root/

Comment 1 cac2s 2015-08-27 12:11:22 UTC

The last line/command in the description is wrong.

It should be like this:
# restorecon -R /opt/rh/php55/root/
(to recursively change contexts)

Comment 4 Joe Orton 2016-10-12 12:47:21 UTC

Red Hat does not currently plan to provide any further changes to this collection in a Red Hat Software Collections update release.

This software collection is nearing the retirement date (October 2016) after which customers are encouraged either to upgrade to a later release or continue on as self-supported without official Red Hat Support.

Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/

Comment 5 Joe Orton 2017-03-31 14:55:45 UTC

In accordance with the Red Hat Software Collections Product Life Cycle, the support period for this collection has ended.

New bug fix, enhancement, and security errata updates, as well as technical support services will no longer be made available for this collection.

Customers are encouraged to upgrade to a later release.

Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/

Note You need to log in before you can comment on or make changes to this bug.