Bug 497208 - SELinux is preventing the httpd from using potentially mislabeled files nfs (var_lib_nfs_t).
SELinux is preventing the httpd from using potentially mislabeled files nfs (...
Product: Fedora
Classification: Fedora
Component: httpd (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Joe Orton
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-04-22 15:17 EDT by Mathieu Bridon
Modified: 2009-08-18 08:02 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-08-18 08:02:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
full text of the selinux alert when starting httpd (2.20 KB, text/plain)
2009-04-22 15:18 EDT, Mathieu Bridon
no flags Details

  None (edit)
Description Mathieu Bridon 2009-04-22 15:17:26 EDT
Description of problem:
I just installed httpd on Fedora 11 fully updated.

When trying to start httpd with « service httpd start », SETroubleshoot fires an alert about some mislabeled nfs file (see whole the text of the alert in attachment).

I searched on my filesystem for all files named « nfs », the only one I could find with the SELinux context specified in the alert was /var/lib/nfs. However, I can't see why httpd is trying to access this file, so maybe I didn't understand the alert correctly.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. yum install httpd
2. service httpd start

Actual results:
SETroubleshoot alert.

Expected results:
No alert, httpd is started.
Comment 1 Mathieu Bridon 2009-04-22 15:18:13 EDT
Created attachment 340794 [details]
full text of the selinux alert when starting httpd
Comment 2 Ruben Kerkhof 2009-05-09 09:11:52 EDT
I see this as well.

Running httpd under strace shows this:
6588  stat("/var/lib/nfs/public_html",  <unfinished ...>

which is blocked by selinux.
Comment 3 Bug Zapper 2009-06-09 10:25:45 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:
Comment 4 Mathieu Bridon 2009-07-13 17:52:06 EDT
I can't reproduce it anymore, but I still have the same httpd version :-/

Maybe something changed in a selinux policy update ?
Comment 5 Joe Orton 2009-08-18 08:02:18 EDT
I don't know, but this isn't an httpd bug either way.

Note You need to log in before you can comment on or make changes to this bug.