Description of problem: SELinux is preventing httpd (httpd_t) "write" to ./files (etc_t). SELinux is preventing httpd (httpd_t) "write" to ./files (etc_t). The SELinux type etc_t, is a generic type for all files in the directory and very few processes (SELinux Domains) are allowed to write to this SELinux type. This type of denial usual indicates a mislabeled file. By default a file created in a directory has the gets the context of the parent directory, but SELinux policy has rules about the creation of directories, that say if a process running in one SELinux Domain (D1) creates a file in a directory with a particular SELinux File Context (F1) the file gets a different File Context (F2). The policy usually allows the SELinux Domain (D1) the ability to write, unlink, and append on (F2). But if for some reason a file (./files) was created with the wrong context, this domain will be denied. The usual solution to this problem is to reset the file context on the target file, restorecon -v './files'. If the file context does not change from etc_t, then this is probably a bug in policy. Please file a bug report against the selinux-policy package. If it does change, you can try your application again to see if it works. The file context could have been mislabeled by editing the file or moving the file from a different directory, if the file keeps getting mislabeled, check the init scripts to see if they are doing something to mislabel the file. Version-Release number of selected component (if applicable): SELinux How reproducible: Steps to Reproduce: 1.install and configure drupal 2.give the directory /etc/share/drupal/sites/default/files read and write permission 3.SELinux prevents httpd to write to /etc/share/drupas/sites/default/files Actual results: SELinux prevents httpd to write to /etc/share/drupal/sites/default/files drupal error: The directory sites/default/files is not writable. You may need to set the correct directory at the file system settings page or change the current directory's permissions so that it is writable. Expected results: direcory should be writeable Additional inQuellkontext: unconfined_u:system_r:httpd_t:s0Zielkontext: unconfined_u:object_r:etc_t:s0Zielobjekte: ./files [ dir ]Source: httpdSource Path: /usr/sbin/httpdPort: <Unbekannt>Host: localhost.localdomainSource RPM Packages: httpd-2.2.8-3Target RPM Packages: RPM-Richtlinie: selinux-policy-3.3.1-42.fc9SELinux aktiviert: TrueRichtlinienversion: targetedMLS aktiviert: TrueEnforcing-Modus: EnforcingPlugin-Name: mislabeled_fileHostname: localhost.localdomainPlattform: Linux localhost.localdomain 2.6.25.3-18.fc9.i686 #1 SMP Tue May 13 05:38:53 EDT 2008 i686 i686Anzahl der Alarme: 41Zuerst gesehen: Don 15 Mai 2008 15:56:50 CESTZuletzt gesehen: Don 15 Mai 2008 16:37:59 CESTLokale ID: 40a8eb9b-adba-40b7-b1d3-1034357cb6ecZeilennummern: fo: Raw-Audit-Meldungen :host=localhost.localdomain type=AVC msg=audit(1210862279.881:68): avc: denied { write } for pid=3141 comm="httpd" name="files" dev=dm-1 ino=770072 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir host=localhost.localdomain type=SYSCALL msg=audit(1210862279.881:68): arch=40000003 syscall=33 success=no exit=-13 a0=ba166a78 a1=2 a2=c84e78 a3=ca7201 items=0 ppid=3138 pid=3141 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Created attachment 305494 [details] picture of the problem
It is actually _good_ feature of SELinux to prevent such things. Change your document root to /var/www/html/ please.
Yes you need to either setup labeling correctly for this directory. Or change your document root. You do not want applications writing to /etc, as this is usually considered a r/o file system. You can change the context of the directory # semanage fcontext -a -t httpd_sys_content_rw_t '/etc/share/drupas/sites/default/files(/.*)?' restorecon -R -v /etc/share/drupas