From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040617 Galeon/1.3.16 Description of problem: SELinux policy breaks file access for httpd. I can't retrieve /var/www/html/vm/vm.exe aka http://hostname/vm/vm.exe. I also can't see the file in the index listing for http://hostname/vm/ /etc/sysconfig/selinux: SELINUX=enforcing SELINUXTYPE=targeted dmesg output: audit(1089861367.288:0): avc: denied { getattr } for pid=1847 exe=/usr/sbin/httpd path=/var/www/html/vm/vm.exe dev=md1 ino=611056 scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file Version-Release number of selected component (if applicable): policy-1.11.3-3.1 How reproducible: Always Steps to Reproduce: 1. mv file /var/www/html 2. Start httpd 3. Open a browser on another computer and try to retrieve the file Actual Results: Forbidden Expected Results: Download dialog Additional info:
selinux-policy-targeted-1.15.3-1 The previous version had the same problem, and a tested workaround was to disable selinux.
In order to get homedirectory access working with Targeted policy you need to mark the files with httpd_user_content_t chcon -t httpd_user_content_t /home/user/XYZ
You need to change the context of the file after you relocate it from your home directory to /var/www/html. "restorecon /var/www/html/vm/vm.exe" should do the trick. Closing as NOTABUG.