Bug 615702 - mod_userdir seems to not be useable because of selinux problems
Alias: None
Product: Fedora
Classification: Fedora
Component: lighttpd
Version: 13
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Matthias Saou
QA Contact: Fedora Extras Quality Assurance
Reported: 2010-07-18 05:30 UTC by Doug P
Modified: 2010-07-29 15:42 UTC

Last Closed: 2010-07-29 15:42:59 UTC

Description Doug P 2010-07-18 05:30:04 UTC
Description of problem:

It seems that lighttpd's mod_userdir doesn't work with selinux.

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1. yum install lighttpd
2. Create a file "/etc/lighttpd/conf.d/aaa-local.conf" with:
server.modules += ("mod_userdir")
userdir.path = "public_html"

3. lighttpd start
4. create public_html, alter permissions and run restorecon. The setup I have is...

ls -lhdZ / /home /home/doug /home/doug/public_html/

dr-xr-xr-x. root root system_u:object_r:root_t:s0      /
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
drwxr-xr-x. doug doug unconfined_u:object_r:user_home_dir_t:s0 /home/doug
drwxrwxr-x. doug doug unconfined_u:object_r:httpd_user_content_t:s0 /home/doug/public_html/

5. service lighttpd start
6. Try and access http://server/~doug with a web browser.

Actual results:


An error is logged to /var/log/audit/audit.log:

type=SYSCALL msg=audit(1279379090.094:288): arch=40000003 syscall=195 success=no exit=-13 a0=941d6d0 a1=bf8b3040 a2=a3fff4 a3=93e7a20 items=0 ppid=1 pid=5269 auid=500 uid=496 gid=490 euid=496 suid=496 fsuid=496 egid=490 sgid=490 fsgid=490 tty=(none) ses=7 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)

Expected results:

The files in the user's public html directory.

Additional info:

It works as expected if selinux is disabled and the computer is rebooted. So, I think I've found the problem, but I have no idea about how to go about fixing it.
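
An added example (not part of the original report and not lighttpd or audit project code): a Python decoder for the SYSCALL audit record quoted above. It shows that the denied call is `stat64` returning `EACCES` in the `httpd_t` domain, and extracts the event id that the matching AVC record shares. The function names are hypothetical and the syscall tables are a deliberately small subset.

```python
import errno
import re

# Record quoted in the bug report above, embedded so the example runs offline.
RECORD = (
    'type=SYSCALL msg=audit(1279379090.094:288): arch=40000003 syscall=195 '
    'success=no exit=-13 a0=941d6d0 a1=bf8b3040 a2=a3fff4 a3=93e7a20 items=0 '
    'ppid=1 pid=5269 auid=500 uid=496 gid=490 euid=496 suid=496 fsuid=496 '
    'egid=490 sgid=490 fsgid=490 tty=(none) ses=7 comm="lighttpd" '
    'exe="/usr/sbin/lighttpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)'
)

# AUDIT_ARCH_* values and a small subset of each syscall table (not complete).
ARCHES = {0x40000003: "i386", 0xC000003E: "x86_64"}
SYSCALLS = {
    "i386": {5: "open", 195: "stat64", 196: "lstat64", 197: "fstat64"},
    "x86_64": {2: "open", 4: "stat", 5: "fstat", 6: "lstat"},
}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT = re.compile(r'audit\((\d+)\.(\d+):(\d+)\)')


def parse_record(line):
    """Split an audit record into a key -> value dict (quotes stripped)."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def explain(line):
    """Decode the SYSCALL record fields that matter when triaging a denial."""
    rec = parse_record(line)
    if rec.get("type") != "SYSCALL":
        raise ValueError("not a SYSCALL record")
    event = EVENT.search(rec["msg"])
    arch = ARCHES.get(int(rec["arch"], 16), "unknown")
    number = int(rec["syscall"])
    code = int(rec["exit"])
    return {
        "event_id": event.group(3),  # shared by the AVC record of this event
        "arch": arch,
        "syscall": SYSCALLS.get(arch, {}).get(number, str(number)),
        "errno": errno.errorcode.get(-code, str(code)) if code < 0 else None,
        "domain": rec["subj"].split(":")[2],  # SELinux type of the process
        "exe": rec["exe"],
    }


if __name__ == "__main__":
    print(explain(RECORD))
```

The SYSCALL record alone does not name the object or permission that was denied; that is in the `type=AVC` record carrying the same event id.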

Comment 1 Matthias Saou 2010-07-29 15:23:00 UTC
First question before I start looking into this: Have you executed the following?

setsebool -P httpd_enable_homedirs=on

Comment 2 Matthias Saou 2010-07-29 15:42:59 UTC
I've tested on RHEL5 and it fails, but after changing the above, it works. Note that I also needed to add the following, so maybe lighttpd is being denied lookups for the home directory:
userdir.basepath = "/home/"
This would be another problem, maybe worth debugging, but you don't seem to be having it.
