Bug 1266738 - SELinux is preventing httpd from 'create' accesses on the file error.php.
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 23
Hardware: x86_64 Unspecified
Priority: unspecified Severity: unspecified
Assigned To: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
abrt_hash:ddca64d618db70f5047dd95c02f...
Reported: 2015-09-26 23:21 EDT by Luya Tshimbalanga
Modified: 2015-10-03 14:59 EDT (History)
Last Closed: 2015-10-03 14:59:49 EDT
Description Luya Tshimbalanga 2015-09-26 23:21:51 EDT
Description of problem:
Error happened when attempting to log in to Joomla installed on user repository
SELinux is preventing httpd from 'create' accesses on the file error.php.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that httpd should be allowed create access on the error.php file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:httpd_t:s0
Target Context                system_u:object_r:user_home_t:s0
Target Objects                error.php [ file ]
Source                        httpd
Source Path                   httpd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-147.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.2.1-300.fc23.x86_64 #1 SMP Mon
                              Sep 21 22:13:13 UTC 2015 x86_64 x86_64
Alert Count                   2
First Seen                    2015-09-26 20:17:25 PDT
Last Seen                     2015-09-26 20:17:53 PDT
Local ID                      2c0f8a44-35ec-4871-908b-4a16322fdaed

Raw Audit Messages
type=AVC msg=audit(1443323873.956:662): avc:  denied  { create } for  pid=7202 comm="httpd" name="error.php" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0


Hash: httpd,httpd_t,user_home_t,file,create

Version-Release number of selected component:
selinux-policy-3.13.1-147.fc23.noarch

Additional info:
reporter:       libreport-2.6.2
hashmarkername: setroubleshoot
kernel:         4.2.1-300.fc23.x86_64
type:           libreport

Potential duplicate: bug 769016
Comment 1 Daniel Walsh 2015-10-03 06:29:58 EDT
Where is error.php located?

Looks like there was content created in your homedir and mv'd to /var/www?

restorecon -R -v /var/www

If you are sharing content out of your home dir then you need to set up labeling correctly.  restorecon -R -v /home might fix labeling in your homedir also.
Comment 2 Luya Tshimbalanga 2015-10-03 14:59:49 EDT
(In reply to Daniel Walsh from comment #1)
> Where is error.php located?
> 
> Looks like there was content created in your homedir and mv'd to /var/www?
> 
> restorecon -R -v /var/www
> 
> If you are sharing content out of your home dir then you need to set up
> labeling correctly.  restorecon -R -v /home might fix labeling in your
> homedir also.

error.php is from the Joomla directory
~/public_html/joomla/templates/system/error.php

Following your suggestion fixed the issue not only for my local Joomla hosting but for all other CMSes I created inside my home directory. It was hard to find proper documentation for creating a local CMS in a home dir with proper labeling without a heavy change of permissions.

Thanks Dan for your help. Closing this bug as solved.
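
An added example, not part of the original bug thread or of any Fedora tooling: a small shell triage that parses the raw AVC message from this report and flags when the target type points to a mislabeled file (the case comment 1 diagnoses) rather than a gap in policy. The function names and the list of suspect target types are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: triage an SELinux AVC denial before reaching for audit2allow.

# Sample input: the raw audit message copied from the report above.
SAMPLE_AVC='type=AVC msg=audit(1443323873.956:662): avc:  denied  { create } for  pid=7202 comm="httpd" name="error.php" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0'

# Print the value of key=value field $2 from AVC line $1 (quotes stripped).
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1 | tr -d '"'
}

# Print the type (third colon-separated part) of an SELinux context.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print the permission list between the braces, e.g. "create".
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'
}

# Heuristic (assumption of this example): these target types mean the object
# carries a generic or inherited label, so suspect the label, not the policy.
avc_verdict() {
    case "$(ctx_type "$(avc_field "$1" tcontext)")" in
        user_home_t|admin_home_t|default_t|unlabeled_t) echo relabel ;;
        *) echo review-policy ;;
    esac
}

# Summarise one denial and print the next step for the admin.
avc_triage() {
    src=$(ctx_type "$(avc_field "$1" scontext)")
    tgt=$(ctx_type "$(avc_field "$1" tcontext)")
    verdict=$(avc_verdict "$1")
    echo "source=$src target=$tgt class=$(avc_field "$1" tclass) perms=$(avc_perms "$1") verdict=$verdict"
    if [ "$verdict" = relabel ]; then
        echo "next: check the label with 'ls -Z', then dry-run 'restorecon -R -n -v <dir>' before relabeling"
    else
        echo "next: confirm the label is the intended one, then decide whether policy should change"
    fi
}

avc_triage "$SAMPLE_AVC"
```

For the denial in this report the verdict is `relabel`, which matches the `restorecon` fix from comment 1 rather than the `audit2allow` module the setroubleshoot plugin proposes.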
