Created attachment 322139 [details] Contents of the SELinux alert I ran the following commands as root, intending to use my local web server as a source for a network install on a nearby machine: mkdir /var/www/html/fedora/ mount -o loop -t iso9660 /backup/f10-snap3/Fedora-10-Snap3-x86_64-DVD/Fedora-10-Snap3-x86_64-DVD.iso /var/www/html/fedora/ When I tried to access the file via HTTP, I got an SELinux denial alert, which said: "If you want to change the file context of /var/www/html/fedora so that the httpd daemon can access it, you need to execute it using chcon -t httpd_sys_content_t '/var/www/html/fedora'." However, when I do this, I get an error: chcon: failed to change context of `/var/www/html/fedora' to `system_u:object_r:httpd_sys_content_t:s0': Read-only file system I'm not sure there's a good security reason for denying Apache access to subdirectories of /var/www/html/, but in any case it would be nice if whatever solution is suggested by the system actually works. For now, I'm disabling SELinux so I can proceed with my installation. This is with selinux-policy-targeted-3.3.1-103.fc9.noarch and httpd-2.2.9-1.fc9.i386.
Does mount -o loop,context="system_u:object_r:httpd_sys_content_t:s0" -t iso9660 /backup/f10-snap3/Fedora-10-Snap3-x86_64-DVD/Fedora-10-Snap3-x86_64-DVD.iso /var/www/html/fedora/ Fix the problem?
This should be just allowed, added policy for RHEL5, F10 and Rawhide. fs_read_iso9660_files(httpd_t) fs_read_iso9660_files(httpd_suexec_t) fs_read_iso9660_files(httpd_sys_script_t) Should be added to F9 policy.
Fixed in selinux-policy-3.3.1-115.fc9.noarch
selinux-policy-3.3.1-115.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/selinux-policy-3.3.1-115.fc9
selinux-policy-3.3.1-115.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-11122
selinux-policy-3.3.1-116.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/selinux-policy-3.3.1-116.fc9
Sorry for the slow response; selinux-policy-3.3.1-115.fc9.noarch fixes the problem. Thanks!
selinux-policy-3.3.1-115.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.