First Last Prev Next    This bug is not in your last search results.
Bug 239710 - avc:denied httpd -- no access to symbolic link directory
avc:denied httpd -- no access to symbolic link directory
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: httpd (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
: SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-10 13:34 EDT by eric magaoay
Modified: 2007-11-30 17:12 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-25 09:15:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
selinux troubleshooter output log (1.86 KB, text/plain)
2007-05-10 13:34 EDT, eric magaoay 		no flags Details
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description eric magaoay 2007-05-10 13:34:30 EDT 
Description of problem:
I have the following symbolic link directory:
/var/www/html/a -> /a

I'm getting avc denial with the following raw audit messages:
avc: denied { getattr } for comm="httpd" dev=sda6 egid=48 euid=48
exe="/usr/sbin/httpd" exit=-13 fsgid=48 fsuid=48 gid=48 items=0 name="/"
path="/a" pid=3809 scontext=user_u:system_r:httpd_t:s0 sgid=48
subj=user_u:system_r:httpd_t:s0 suid=48 tclass=dir
tcontext=system_u:object_r:rsync_data_t:s0 tty=(none) uid=48

Version-Release number of selected component (if applicable):
httpd-2.2.4-3
selinux-policy-2.6.1-1.fc7

How reproducible:
persistent

Steps to Reproduce:
1. yum install httpd.x86_64
2. ln -s /var/www/html/a /a
3. From remote client, bring up firefox and access /a directory
   # assumed /a has populated sub-directories read access enabled
    http://192.168.3.103/a

Actual results:
All sub-directories and files /a is invisible

Attached is the output file of selinux troubleshooter.
Comment 1 eric magaoay 2007-05-10 13:34:30 EDT 
Created attachment 154487 [details]
selinux troubleshooter output log
Comment 2 Joe Orton 2007-05-25 09:15:12 EDT 
This looks like an expected policy violation - the target directory is not
labelled such that httpd can read it.  See "man httpd_selinux" - the /a
directory needs to be labelled with httpd_sys_content_t or similar; please mail
fedora-selinux@redhat.com for further help.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.