Description of problem:
When starting httpd I get the following alert:

Summary
    SELinux is preventing the /usr/sbin/httpd from using potentially mislabeled files mibs (usr_t).

Detailed Description
    SELinux has denied the /usr/sbin/httpd access to potentially mislabeled files mibs. This means that SELinux will not allow http to use these files. Many third party apps install html files in directories that SELinux policy can not predict. These directories have to be labeled with a file context which httpd can accesss.

Allowing Access
    If you want to change the file context of mibs so that the httpd daemon can access it, you need to execute it using chcon -t httpd_sys_content_t mibs. You can look at the httpd_selinux man page for additional information.

Additional Information
    Source Context          user_u:system_r:httpd_t
    Target Context          system_u:object_r:usr_t
    Target Objects          mibs [ dir ]
    Affected RPM Packages   httpd-2.2.4-4.1.fc7 [application]
    Policy RPM              selinux-policy-2.6.4-38.fc7
    Selinux Enabled         True
    Policy Type             targeted
    MLS Enabled             True
    Enforcing Mode          Enforcing
    Plugin Name             plugins.httpd_bad_labels
    Host Name               viper.myhome-net.net
    Platform                Linux viper.myhome-net.net 2.6.22.4-65.fc7 #1 SMP Tue Aug 21 22:36:56 EDT 2007 i686 i686
    Alert Count             3
    First Seen              Wed 22 Aug 2007 03:08:01 AM EEST
    Last Seen               Mon 27 Aug 2007 01:36:48 PM EEST
    Local ID                bd280476-d164-4641-af73-b03804fe43d1
    Line Numbers

Raw Audit Messages
    avc: denied { write } for comm="httpd" dev=dm-0 egid=0 euid=0 exe="/usr/sbin/httpd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="mibs" pid=3821 scontext=user_u:system_r:httpd_t:s0 sgid=0 subj=user_u:system_r:httpd_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=0

Version-Release number of selected component (if applicable):
selinux-policy-2.6.4-38.fc7

How reproducible:
Always
Same error message with selinux-policy-2.6.4-40.fc7 from updates-testing
Fixed in selinux-policy-2.6.4-41.fc7
Updated to selinux-policy-2.6.4-41.fc7 from updates-testing. It seems to be fixed. But the new policy gives the following error:

/etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /usr/local/Brother/lpd(/.*)? (system_u:object_r:cupsd_exec_t:s0 and system_u:object_r:bin_t:s0).

Should I open a new bz for this?
No, I am putting out 42 to fix this. Thanks for catching it.
Fixed.
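
The "Multiple different specifications" error quoted above for selinux-policy-2.6.4-41.fc7 can be reproduced offline with a small checker over file_contexts text. This is an added example, not part of the original thread and not selinux-policy or libselinux code; the sample entries are constructed (only the two /usr/local/Brother lines come from the report), and the rule that an entry with no file-type field overlaps every typed entry is an assumption about how the check behaves.

```python
import itertools

# File-type qualifiers that may appear between the path regex and the context.
FILE_TYPES = {"--", "-d", "-c", "-b", "-s", "-l", "-p"}

# Constructed sample; only the two /usr/local/Brother lines come from the report.
SAMPLE = """\
# path regex            type    context
/usr/local/Brother/lpd(/.*)?    system_u:object_r:cupsd_exec_t:s0
/var/www(/.*)?                  system_u:object_r:httpd_sys_content_t:s0
/usr/local/Brother/lpd(/.*)?    system_u:object_r:bin_t:s0
/var/run/example        --      system_u:object_r:var_run_t:s0
/var/run/example        -d      system_u:object_r:var_t:s0
/opt/example(/.*)?              system_u:object_r:usr_t:s0
/opt/example(/.*)?      --      system_u:object_r:bin_t:s0
"""

def parse_specs(text):
    """Return (lineno, regex, file_type_or_None, context) for each entry."""
    specs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) == 2:
            regex, ftype, context = fields[0], None, fields[1]
        elif len(fields) == 3 and fields[1] in FILE_TYPES:
            regex, ftype, context = fields
        else:
            raise ValueError(f"line {lineno}: malformed specification: {line!r}")
        specs.append((lineno, regex, ftype, context))
    return specs

def find_conflicts(text):
    """Pairs with the same regex, overlapping file type, and different contexts."""
    conflicts = []
    for a, b in itertools.combinations(parse_specs(text), 2):
        # Assumption: an untyped entry applies to all file types, so it overlaps.
        types_overlap = a[2] is None or b[2] is None or a[2] == b[2]
        if a[1] == b[1] and types_overlap and a[3] != b[3]:
            conflicts.append((a[1], a[3], b[3], a[0], b[0]))
    return conflicts

if __name__ == "__main__":
    for regex, ctx1, ctx2, l1, l2 in find_conflicts(SAMPLE):
        print(f"lines {l1}, {l2}: Multiple different specifications "
              f"for {regex} ({ctx1} and {ctx2})")
```

Running a check like this on a policy build before it ships catches an ambiguous label for a path, which matters because the label decides which domains may execute or write the file.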