Bug 139898 - php session management does not work
php session management does not work
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-18 13:02 EST by Johannes Schmid
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-11-19 09:13:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Johannes Schmid 2004-11-18 13:02:54 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3)
Gecko/20040910

Description of problem:
When using PHP and using the session_start to start a new session, the
current selinux targeted policy denies writing the session data file.

I tested both the policy that comes with FC3 and the latest version I
downloaded from ftp://people.redhat.com/dwalsh/SELinux/FC3

The audit message I get is:
avc:  denied  { write } for  pid=2245 exe=/usr/sbin/httpd
name=sess_06fefce137c6212d30abd148f3f43736 dev=hda3 ino=52451
scontext=user_u:system_r:httpd_t tcontext=root:object_r:var_lib_t
tclass=file


The PHP script used for testing is:
<?php
session_start();
?>


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.31

How reproducible:
Always

Steps to Reproduce:
1. execute above php script
    

Actual Results:  creation of session fails; PHP error message is:
session_start():
open(/var/lib/php/session/sess_06fefce137c6212d30abd148f3f43736,
O_RDWR) failed: Permission denied (13)

Expected Results:  a successful creation of a session file
Comment 1 Daniel Walsh 2004-11-18 13:41:46 EST
restorecon -R -v /var/lib/php/session should fix this.

Dan
Comment 2 Johannes Schmid 2004-11-19 05:15:43 EST
thanks, this did help. Works perfectly now.

Note You need to log in before you can comment on or make changes to this bug.