Description of problem:
I use a stock FC3, Apache and PhpWiki (edit lib/config.php to use flat files). When PhpWiki tries to update a "hitcount" file, it fails, and the following audit event is logged:

    Jan 19 10:12:58 localhost kernel: audit(1106147578.393:0): avc: denied { append } for pid=4702 exe=/usr/sbin/httpd name=hitcount.data dev=hda4 ino=1802851 scontext=user_u:system_r:httpd_t tcontext=root:object_r:httpd_sys_script_rw_t tclass=file

Version-Release number of selected component (if applicable):
PhpWiki 1.2.7 (http://sourceforge.net/projects/phpwiki/)

How reproducible:
Reliably

Steps to Reproduce:
1. Download PhpWiki 1.2.7 from http://sourceforge.net/projects/phpwiki/ and unpack into apache directory (/var/www/wiki)
2. Edit /var/www/wiki/lib/config.php to use flat files:
       $WhichDatabase = 'file'
3. Change the location of pages from default '/tmp' (look under elseif ):
       $DBdir = '/var/www/wiki/contents';
4. Change the file context of "contents" to httpd_sys_script_rw_t:
       chcon -R root:object_r:httpd_sys_script_rw_t '/var/www/wiki/contents'
5. Visit URL http://localhost/wiki

Actual results:
At the end of the page:
    WikiFatalError
    Error while writing page 'hitcount.data'

Expected results:
No error

Additional info:
This could be a problem with Apache, because if it were running in the 'httpd_sys_script_t' domain (instead of 'httpd_t') while executing PHP scripts, the following rule would allow the append:

    /etc/selinux/targeted/src/policy.conf:
    allow httpd_sys_script_t httpd_sys_script_rw_t:{ file ...} {... append ...}

But I don't know SELinux that well.
What version of policy are you running? The latest version with the httpd_unified boolean set should allow this.

Dan
The RPM name is: selinux-policy-targeted-1.17.30-2.19.noarch.rpm
Please do a yum update on selinux-policy-targeted. You should be running selinux-policy-targeted-1.17.30-2.70.noarch.rpm or later.

    yum upgrade selinux-policy-targeted

Then do a

    setsebool -P httpd_unified 1

to make sure the httpd boolean is set.

Dan
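
Added example, not part of the original bug thread: a small Python parser for the AVC denial quoted in the report. It extracts the source and target types, renders the type-enforcement rule the denial says is missing, and checks it against the visible parts of the rule the reporter quoted, which shows the mismatch is the source domain (httpd_t, not httpd_sys_script_t). The function names parse_avc, missing_rule and covered_by are hypothetical, and the parser assumes the key=value layout seen in that one log line.

```python
import re

# AVC denial copied verbatim from the report above.
SAMPLE = (
    "Jan 19 10:12:58 localhost kernel: audit(1106147578.393:0): avc: denied "
    "{ append } for pid=4702 exe=/usr/sbin/httpd name=hitcount.data dev=hda4 "
    "ino=1802851 scontext=user_u:system_r:httpd_t "
    "tcontext=root:object_r:httpd_sys_script_rw_t tclass=file"
)

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")


def parse_avc(line):
    """Parse one AVC denial line; return None if it is not a complete denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    if not all(k in fields for k in ("scontext", "tcontext", "tclass")):
        return None
    # A context is user:role:type[:level]; the type is always the third field.
    try:
        src = fields["scontext"].split(":")[2]
        tgt = fields["tcontext"].split(":")[2]
    except IndexError:
        return None
    return {"perms": m.group("perms").split(), "source_type": src,
            "target_type": tgt, "tclass": fields["tclass"],
            "exe": fields.get("exe"), "name": fields.get("name")}


def missing_rule(d):
    """Render the type-enforcement rule the denial says is absent."""
    perms = d["perms"][0] if len(d["perms"]) == 1 else "{ " + " ".join(d["perms"]) + " }"
    return f"allow {d['source_type']} {d['target_type']}:{d['tclass']} {perms};"


def covered_by(d, src, tgt, classes, perms):
    """True if an allow rule (src, tgt, classes, perms) would permit the denied access."""
    return (d["source_type"] == src and d["target_type"] == tgt
            and d["tclass"] in classes and set(d["perms"]) <= set(perms))


if __name__ == "__main__":
    denial = parse_avc(SAMPLE)
    print(missing_rule(denial))
    # Rule quoted in the report (only its visible parts): source is httpd_sys_script_t.
    print(covered_by(denial, "httpd_sys_script_t", "httpd_sys_script_rw_t",
                     {"file"}, {"append"}))
```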