From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20040910 Description of problem: When using PHP and using the session_start to start a new session, the current selinux targeted policy denies writing the session data file. I tested both the policy that comes with FC3 and the latest version I downloaded from ftp://people.redhat.com/dwalsh/SELinux/FC3 The audit message I get is: avc: denied { write } for pid=2245 exe=/usr/sbin/httpd name=sess_06fefce137c6212d30abd148f3f43736 dev=hda3 ino=52451 scontext=user_u:system_r:httpd_t tcontext=root:object_r:var_lib_t tclass=file The PHP script used for testing is: <?php session_start(); ?> Version-Release number of selected component (if applicable): selinux-policy-targeted-1.17.30-2.31 How reproducible: Always Steps to Reproduce: 1. execute above php script Actual Results: creation of session fails; PHP error message is: session_start(): open(/var/lib/php/session/sess_06fefce137c6212d30abd148f3f43736, O_RDWR) failed: Permission denied (13) Expected Results: a successful creation of a session file
restorecon -R -v /var/lib/php/session should fix this. Dan
thanks, this did help. Works perfectly now.