Summary:

SELinux is preventing the http daemon from reading users' home directories.

Detailed Description:

SELinux has denied the http daemon access to users' home directories. Someone is attempting to access your home directories via your http daemon. If you have not setup httpd to share home directories, this probably signals an intrusion attempt.

Allowing Access:

If you want the http daemon to share home directories you need to turn on the httpd_enable_homedirs boolean: "setsebool -P httpd_enable_homedirs=1" You may need to also label the content that you wish to share. The man page httpd_selinux will have further information. 'man httpd_selinux'.

Fix Command:

setsebool -P httpd_enable_homedirs=1

Additional Information:

Source Context                unconfined_u:system_r:httpd_t:s0
Target Context                unconfined_u:object_r:user_home_dir_t:s0
Target Objects                /home/slogan [ dir ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           httpd-2.2.16-1.fc13
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-47.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   httpd_enable_homedirs
Host Name                     (removed)
Platform                      Linux (removed) 2.6.33.6-147.2.4.fc13.x86_64 #1 SMP Fri Jul 23 17:14:44 UTC 2010 x86_64 x86_64
Alert Count                   15
First Seen                    Thu 19 Aug 2010 02:40:57 AM MSD
Last Seen                     Thu 19 Aug 2010 02:56:25 AM MSD
Local ID                      2ad7b9e6-0266-4d3a-980a-11532d591347
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1282172185.336:258): avc: denied { getattr } for pid=3014 comm="httpd" path="/home/slogan" dev=sda5 ino=13369345 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1282172185.336:258): arch=c000003e syscall=6 success=no exit=-13 a0=7f5d43e1de38 a1=7fffcac40fd0 a2=7fffcac40fd0 a3=1 items=0 ppid=3011 pid=3014 auid=500 uid=48 gid=484 euid=48 suid=48 fsuid=48 egid=484 sgid=484 fsgid=484 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)

Hash String generated from httpd_enable_homedirs,httpd,httpd_t,user_home_dir_t,dir,getattr

audit2allow suggests:

#============= httpd_t ==============
#!!!! This avc can be allowed using one of the these booleans:
#     httpd_read_user_content, httpd_enable_homedirs

allow httpd_t user_home_dir_t:dir getattr;