Red Hat Bugzilla – Bug 497208
SELinux is preventing the httpd from using potentially mislabeled files nfs (var_lib_nfs_t).
Last modified: 2009-08-18 08:02:18 EDT
Description of problem:
I just installed httpd on Fedora 11 fully updated.
When trying to start httpd with « service httpd start », SETroubleshoot fires an alert about some mislabeled nfs file (see whole the text of the alert in attachment).
I searched on my filesystem for all files named « nfs », the only one I could find with the SELinux context specified in the alert was /var/lib/nfs. However, I can't see why httpd is trying to access this file, so maybe I didn't understand the alert correctly.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. yum install httpd
2. service httpd start
No alert, httpd is started.
Created attachment 340794 [details]
full text of the selinux alert when starting httpd
I see this as well.
Running httpd under strace shows this:
6588 stat("/var/lib/nfs/public_html", <unfinished ...>
which is blocked by selinux.
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.
More information and reason for this action is here:
I can't reproduce it anymore, but I still have the same httpd version :-/
Maybe something changed in a selinux policy update ?
I don't know, but this isn't an httpd bug either way.