Description of problem: I have the following symbolic link directory: /var/www/html/a -> /a I'm getting avc denial with the following raw audit messages: avc: denied { getattr } for comm="httpd" dev=sda6 egid=48 euid=48 exe="/usr/sbin/httpd" exit=-13 fsgid=48 fsuid=48 gid=48 items=0 name="/" path="/a" pid=3809 scontext=user_u:system_r:httpd_t:s0 sgid=48 subj=user_u:system_r:httpd_t:s0 suid=48 tclass=dir tcontext=system_u:object_r:rsync_data_t:s0 tty=(none) uid=48 Version-Release number of selected component (if applicable): httpd-2.2.4-3 selinux-policy-2.6.1-1.fc7 How reproducible: persistent Steps to Reproduce: 1. yum install httpd.x86_64 2. ln -s /var/www/html/a /a 3. From remote client, bring up firefox and access /a directory # assumed /a has populated sub-directories read access enabled http://192.168.3.103/a Actual results: All sub-directories and files /a is invisible Attached is the output file of selinux troubleshooter.
Created attachment 154487 [details] selinux troubleshooter output log
This looks like an expected policy violation - the target directory is not labelled such that httpd can read it. See "man httpd_selinux" - the /a directory needs to be labelled with httpd_sys_content_t or similar; please mail fedora-selinux for further help.