Bug 615702 - mod_userdir seems to not be useable because of selinux problems
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: lighttpd
Version: 13
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Matthias Saou
QA Contact: Fedora Extras Quality Assurance
Reported: 2010-07-18 01:30 EDT by Doug P
Modified: 2010-07-29 11:42 EDT

Doc Type: Bug Fix
Last Closed: 2010-07-29 11:42:59 EDT
Description Doug P 2010-07-18 01:30:04 EDT
Description of problem:

It seems that lighttpd's mod_userdir doesn't work with selinux.


Version-Release number of selected component (if applicable):

lighttpd-1.4.26-2.fc13


How reproducible:


Steps to Reproduce:
1. yum install lighttpd
2. Create a file "/etc/lighttpd/conf.d/aaa-local.conf" with:
server.modules += ("mod_userdir")
userdir.path = "public_html"

3. lighttpd start
4. create public_html, alter permissions and run restorecon. The setup I have is...

ls -lhdZ / /home /home/doug /home/doug/public_html/

dr-xr-xr-x. root root system_u:object_r:root_t:s0      /
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 /home
drwxr-xr-x. doug doug unconfined_u:object_r:user_home_dir_t:s0 /home/doug
drwxrwxr-x. doug doug unconfined_u:object_r:httpd_user_content_t:s0 /home/doug/public_html/

5. service lighttpd start
6. Try and access http://server/~doug with a web browser.

  
Actual results:

404

An error is logged to /var/log/audit/audit.log:

type=SYSCALL msg=audit(1279379090.094:288): arch=40000003 syscall=195 success=no exit=-13 a0=941d6d0 a1=bf8b3040 a2=a3fff4 a3=93e7a20 items=0 ppid=1 pid=5269 auid=500 uid=496 gid=490 euid=496 suid=496 fsuid=496 egid=490 sgid=490 fsgid=490 tty=(none) ses=7 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)




Expected results:

The files in the user's public html directory.


Additional info:

It works as expected if selinux is disabled and the computer is rebooted. So, I think I've found the problem, but I have no idea about how to go about fixing it.
Comment 1 Matthias Saou 2010-07-29 11:23:00 EDT
First question before I start looking into this: Have you executed the following?

setsebool -P httpd_enable_homedirs=on
Comment 2 Matthias Saou 2010-07-29 11:42:59 EDT
I've tested on RHEL5 and it fails, but after changing the above, it works. Note that I also needed to add the following, so maybe lighttpd is being denied lookups for the home directory:
userdir.basepath = "/home/"
This would be another problem, maybe worth debugging, but you don't seem to be having it.
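
Added example (not part of the original report or of lighttpd): a small Python decoder for the SYSCALL audit record quoted in the description, showing that arch=40000003 is i386, that syscall 195 there is stat64, and that exit=-13 is EACCES raised while lighttpd ran in the httpd_t domain. The function names, the lookup tables (which cover only this record) and the "selinux_suspect" heuristic are assumptions made for this illustration.

```python
import errno
import re

# Constructed sample: the SYSCALL record quoted in the bug description.
SAMPLE = ('type=SYSCALL msg=audit(1279379090.094:288): arch=40000003 syscall=195 '
          'success=no exit=-13 a0=941d6d0 a1=bf8b3040 a2=a3fff4 a3=93e7a20 items=0 '
          'ppid=1 pid=5269 auid=500 uid=496 gid=490 euid=496 suid=496 fsuid=496 '
          'egid=490 sgid=490 fsgid=490 tty=(none) ses=7 comm="lighttpd" '
          'exe="/usr/sbin/lighttpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)')

# Minimal lookup tables: only what this record needs, not a full syscall table.
ARCHES = {0x40000003: "i386"}
I386_SYSCALLS = {195: "stat64", 196: "lstat64", 197: "fstat64"}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split an audit record into a dict of key -> value (quotes stripped)."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    m = re.search(r'msg=audit\((\d+\.\d+):(\d+)\)', line)
    if m:
        fields["timestamp"], fields["serial"] = float(m.group(1)), int(m.group(2))
    return fields

def summarize(line):
    """Decode the fields that matter when triaging a suspected SELinux denial."""
    f = parse_record(line)
    arch = ARCHES.get(int(f["arch"], 16), "unknown")
    nr = int(f["syscall"])
    name = I386_SYSCALLS.get(nr, str(nr)) if arch == "i386" else str(nr)
    exit_code = int(f["exit"])
    err = errno.errorcode.get(-exit_code, "") if exit_code < 0 else ""
    domain = f["subj"].split(":")[2]  # user:role:type:level -> type
    return {
        "comm": f["comm"], "arch": arch, "syscall": name, "errno": err,
        "domain": domain,
        # Heuristic (assumption): EACCES inside the confined httpd_t domain
        # suggests policy rather than Unix modes. The type=AVC record with the
        # same serial names the denied permission and the target context.
        "selinux_suspect": err == "EACCES" and domain == "httpd_t",
        "serial": f.get("serial"),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The SYSCALL record alone does not name the denied object; the AVC record sharing its serial number in /var/log/audit/audit.log does.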
