Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 614674 - SELinux prevented httpd (/usr/sbin/httpd) setattr access to /var/www/html/phpBB3/cache/sql_9dc91161799801b44926b824ccc5cf51.php.
SELinux prevented httpd (/usr/sbin/httpd) setattr access to /var/www/html/php...
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
13
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
setroubleshoot_trace_hash:3b57d329f32...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-14 19:37 EDT by hal9000a
Modified: 2011-01-23 14:24 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-07-15 10:27:30 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description hal9000a 2010-07-14 19:37:15 EDT 
Summary:

SELinux prevented httpd (/usr/sbin/httpd) setattr access to
/var/www/html/phpBB3/cache/sql_9dc91161799801b44926b824ccc5cf51.php.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux prevented httpd setattr access to
/var/www/html/phpBB3/cache/sql_9dc91161799801b44926b824ccc5cf51.php. httpd
scripts are not allowed to write to content without explicit labeling of all
files. If /var/www/html/phpBB3/cache/sql_9dc91161799801b44926b824ccc5cf51.php is
writable content. it needs to be labeled httpd_sys_content_rw_t or if all you
need is append you can label it httpd_sys_content_ra_t. Please refer to 'man
httpd_selinux' for more information on setting up httpd and selinux.

Allowing Access:

You can alter the file context by executing chcon -R -t httpd_sys_content_rw_t
'/var/www/html/phpBB3/cache/sql_9dc91161799801b44926b824ccc5cf51.php' You must
also change the default file context files on the system in order to preserve
them even on a full relabel. "semanage fcontext -a -t httpd_sys_content_rw_t
'/var/www/html/phpBB3/cache/sql_9dc91161799801b44926b824ccc5cf51.php'"

Fix Command:

chcon -R -t httpd_sys_content_rw_t
'/var/www/html/phpBB3/cache/sql_9dc91161799801b44926b824ccc5cf51.php'

Additional Information:

Source Context                system_u:system_r:httpd_t:s0
Target Context                system_u:object_r:httpd_sys_content_t:s0
Target Objects                /var/www/html/phpBB3/cache/sql_9dc91161799801b4492
                              6b824ccc5cf51.php [ file ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           httpd-2.2.15-1.fc13
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-33.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   httpd_write_content
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.33.6-147.fc13.i686.PAE #1 SMP Tue Jul 6
                              22:24:44 UTC 2010 i686 i686
Alert Count                   18
First Seen                    Mon 12 Jul 2010 01:35:09 PM EDT
Last Seen                     Wed 14 Jul 2010 07:33:22 PM EDT
Local ID                      59c97cdd-c318-4d67-bb3b-9b0a56f4cf7f
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1279150402.509:1988): avc:  denied  { setattr } for  pid=17908 comm="httpd" name="sql_9dc91161799801b44926b824ccc5cf51.php" dev=dm-0 ino=3670608 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1279150402.509:1988): arch=40000003 syscall=15 success=yes exit=0 a0=b757bb48 a1=1b6 a2=1483d1c a3=b757d6f0 items=0 ppid=1646 pid=17908 auid=4294967295 uid=48 gid=488 euid=48 suid=48 fsuid=48 egid=488 sgid=488 fsgid=488 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)



Hash String generated from  httpd_write_content,httpd,httpd_t,httpd_sys_content_t,file,setattr
audit2allow suggests:

#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'httpd_unified'

allow httpd_t httpd_sys_content_t:file setattr;
Comment 1 Daniel Walsh 2010-07-15 10:27:30 EDT 
The alert tells you what to do.

# semanage fcontext -a -t httpd_sys_content_rw_t '/var/www/html/phpBB3/cache(/.*)?'
# restorecon -R -v /var/www/html/phpBB3
Comment 2 hal9000a 2010-08-13 06:55:44 EDT 
Wow thanks you are a genious
I posted the bug because that did'nt work
Since that i disabled selinux
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.