Description of problem: With default policy (targeted,enforcing), htsearch can't access to db Version-Release number of selected component (if applicable): htdig-3.2.0b6-3 How reproducible: allways Steps to Reproduce: 1. run (as root) rundig 2. try to search a word in http://??/htdig/ 3. Actual results: Error: ht://Dig error htsearch detected an error. Please report this to the webmaster of this site by sending an e-mail to: rgorosito@... The error message is: Unable to read word database file '/var/lib/htdig/db.words.db' Did you run htdig? Additional info: from /var/log/messages: audit(1100616704.732:0): avc: denied { search } for pid=16285 exe=/var/www/cgi-bin/htsearch scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_kernel_t tclass=dir audit(1100616704.733:0): avc: denied { search } for pid=16285 exe=/var/www/cgi-bin/htsearch name=sys dev=proc ino=-268435431 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:sysctl_t tclass=dir audit(1100616704.943:0): avc: denied { ioctl } for pid=16285 exe=/var/www/cgi-bin/htsearch path=/etc/htdig/htdig.conf dev=hda2 ino=281655 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:etc_t tclass=file audit(1100616704.955:0): avc: denied { ioctl } for pid=16285 exe=/var/www/cgi-bin/htsearch path=/etc/htdig/htdig.conf dev=hda2 ino=281655 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:etc_t tclass=file audit(1100616704.955:0): avc: denied { ioctl } for pid=16285 exe=/var/www/cgi-bin/htsearch path=/etc/htdig/htdig.conf dev=hda2 ino=281655 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:etc_t tclass=file audit(1100616705.160:0): avc: denied { search } for pid=16285 exe=/var/www/cgi-bin/htsearch name=lib dev=hda2 ino=684098 scontext=root:system_r:httpd_sys_script_t tcontext=system_u:object_r:var_lib_t tclass=dir
Updated policy in selinux-policy-targeted-1.17.30-2.39 and selinux-policy-targeted-1.19.8-2