Summary: SELinux is preventing /usr/sbin/httpd from using potentially mislabeled files /srv/joomla/index.php. Detailed Description: SELinux has denied the httpd access to potentially mislabeled files /srv/joomla/index.php. This means that SELinux will not allow httpd to use these files. If httpd should be allowed this access to these files you should change the file context to one of the following types, dirsrv_var_log_t, net_conf_t, logfile, rpm_tmp_t, public_content_t, anon_inodefs_t, sysctl_kernel_t, httpd_modules_t, etc_runtime_t, dirsrv_var_run_t, httpd_var_lib_t, httpd_var_run_t, ld_so_cache_t, user_tmp_t, httpd_suexec_exec_t, httpd_awstats_htaccess_t, httpd_dirsrvadmin_htaccess_t, application_exec_type, httpd_user_htaccess_t, httpd_nutups_cgi_htaccess_t, mailman_cgi_exec_t, chroot_exec_t, gitosis_var_lib_t, dirsrvadmin_config_t, httpd_sys_content_t, httpd_squid_htaccess_t, public_content_rw_t, httpd_munin_htaccess_t, httpd_bugzilla_htaccess_t, httpd_cobbler_htaccess_t, mailman_archive_t, mailman_data_t, httpd_apcupsd_cgi_htaccess_t, system_dbusd_var_lib_t, httpd_cvs_htaccess_t, httpd_git_htaccess_t, httpd_sys_htaccess_t, squirrelmail_spool_t, bin_t, cert_t, httpd_t, lib_t, httpd_prewikka_htaccess_t, user_home_t, passenger_var_lib_t, passenger_var_run_t, cobbler_var_lib_t, tmp_t, usr_t, httpd_rotatelogs_exec_t, httpd_smokeping_cgi_htaccess_t, nagios_etc_t, nagios_log_t, abrt_var_run_t, sssd_public_t, ping_exec_t, httpd_keytab_t, locale_t, httpd_unconfined_script_exec_t, cluster_conf_t, etc_t, fonts_t, proc_t, sysfs_t, fonts_cache_t, httpd_mojomojo_htaccess_t, httpd_exec_t, httpd_lock_t, httpd_log_t, krb5_keytab_t, passenger_exec_t, dirsrv_config_t, sysctl_crypto_t, ssh_exec_t, krb5_conf_t, httpd_config_t, user_tmp_t, httpd_mediawiki_htaccess_t, abrt_t, lib_t, udev_tbl_t, httpd_tmp_t, calamaris_www_t, fail2ban_var_lib_t, httpd_cache_t, httpd_tmpfs_t, smokeping_var_lib_t, shell_exec_t, iso9660_t, httpd_w3c_validator_htaccess_t, abrt_helper_exec_t, mysqld_etc_t, cvs_data_t, var_lib_t, cobbler_etc_t, sendmail_exec_t, httpd_helper_exec_t, dbusd_etc_t, dirsrv_share_t, ld_so_t, httpd_dirsrvadmin_script_exec_t, user_cron_spool_t, httpd_squirrelmail_t, textrel_shlib_t, httpd_php_exec_t, httpd_nagios_htaccess_t, rpm_script_tmp_t, httpd_mediawiki_tmp_t, httpd_zarafa_htaccess_t, samba_var_t, httpd_cvs_ra_content_t, httpd_cvs_rw_content_t, httpd_git_ra_content_t, httpd_git_rw_content_t, httpd_nagios_content_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, httpd_zarafa_content_t, httpd_w3c_validator_content_t, httpd_nagios_ra_content_t, httpd_nagios_rw_content_t, httpd_nutups_cgi_ra_content_t, httpd_nutups_cgi_rw_content_t, httpd_cobbler_script_exec_t, httpd_zarafa_ra_content_t, httpd_zarafa_rw_content_t, httpd_mediawiki_script_exec_t, httpd_smokeping_cgi_script_exec_t, httpd_git_content_t, httpd_user_content_t, httpd_apcupsd_cgi_content_t, httpd_mediawiki_ra_content_t, httpd_mediawiki_rw_content_t, httpd_squid_ra_content_t, httpd_squid_rw_content_t, httpd_apcupsd_cgi_ra_content_t, httpd_apcupsd_cgi_rw_content_t, httpd_prewikka_content_t, httpd_smokeping_cgi_ra_content_t, httpd_smokeping_cgi_rw_content_t, httpd_smokeping_cgi_content_t, httpd_cvs_content_t, httpd_sys_content_t, httpd_munin_content_t, httpd_squid_content_t, httpd_awstats_script_exec_t, httpd_dirsrvadmin_ra_content_t, httpd_dirsrvadmin_rw_content_t, httpd_munin_script_exec_t, httpd_w3c_validator_script_exec_t, httpd_prewikka_ra_content_t, httpd_prewikka_rw_content_t, httpd_user_script_exec_t, httpd_bugzilla_content_t, httpd_mediawiki_content_t, krb5_host_rcache_t, httpd_cobbler_content_t, httpd_apcupsd_cgi_script_exec_t, httpd_dirsrvadmin_content_t, httpd_nagios_script_exec_t, httpd_squid_script_exec_t, httpd_w3c_validator_ra_content_t, httpd_w3c_validator_rw_content_t, httpd_awstats_ra_content_t, httpd_awstats_rw_content_t, httpd_bugzilla_script_exec_t, httpd_awstats_content_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_nutups_cgi_content_t, httpd_cobbler_ra_content_t, httpd_cobbler_rw_content_t, httpd_prewikka_script_exec_t, httpd_mojomojo_content_t, httpd_munin_ra_content_t, httpd_munin_rw_content_t, httpd_mojomojo_ra_content_t, httpd_mojomojo_rw_content_t, httpd_sys_script_exec_t, httpd_git_script_exec_t, httpd_cvs_script_exec_t, httpd_zarafa_script_exec_t, httpd_dirsrvadmin_script_exec_t, httpd_mojomojo_script_exec_t, httpd_bugzilla_ra_content_t, httpd_bugzilla_rw_content_t, httpd_nutups_cgi_script_exec_t, root_t. Many third party apps install html files in directories that SELinux policy cannot predict. These directories have to be labeled with a file context which httpd can access. Allowing Access: If you want to change the file context of /srv/joomla/index.php so that the httpd daemon can access it, you need to execute it using semanage fcontext -a -t FILE_TYPE '/srv/joomla/index.php'. where FILE_TYPE is one of the following: dirsrv_var_log_t, net_conf_t, logfile, rpm_tmp_t, public_content_t, anon_inodefs_t, sysctl_kernel_t, httpd_modules_t, etc_runtime_t, dirsrv_var_run_t, httpd_var_lib_t, httpd_var_run_t, ld_so_cache_t, user_tmp_t, httpd_suexec_exec_t, httpd_awstats_htaccess_t, httpd_dirsrvadmin_htaccess_t, application_exec_type, httpd_user_htaccess_t, httpd_nutups_cgi_htaccess_t, mailman_cgi_exec_t, chroot_exec_t, gitosis_var_lib_t, dirsrvadmin_config_t, httpd_sys_content_t, httpd_squid_htaccess_t, public_content_rw_t, httpd_munin_htaccess_t, httpd_bugzilla_htaccess_t, httpd_cobbler_htaccess_t, mailman_archive_t, mailman_data_t, httpd_apcupsd_cgi_htaccess_t, system_dbusd_var_lib_t, httpd_cvs_htaccess_t, httpd_git_htaccess_t, httpd_sys_htaccess_t, squirrelmail_spool_t, bin_t, cert_t, httpd_t, lib_t, httpd_prewikka_htaccess_t, user_home_t, passenger_var_lib_t, passenger_var_run_t, cobbler_var_lib_t, tmp_t, usr_t, httpd_rotatelogs_exec_t, httpd_smokeping_cgi_htaccess_t, nagios_etc_t, nagios_log_t, abrt_var_run_t, sssd_public_t, ping_exec_t, httpd_keytab_t, locale_t, httpd_unconfined_script_exec_t, cluster_conf_t, etc_t, fonts_t, proc_t, sysfs_t, fonts_cache_t, httpd_mojomojo_htaccess_t, httpd_exec_t, httpd_lock_t, httpd_log_t, krb5_keytab_t, passenger_exec_t, dirsrv_config_t, sysctl_crypto_t, ssh_exec_t, krb5_conf_t, httpd_config_t, user_tmp_t, httpd_mediawiki_htaccess_t, abrt_t, lib_t, udev_tbl_t, httpd_tmp_t, calamaris_www_t, fail2ban_var_lib_t, httpd_cache_t, httpd_tmpfs_t, smokeping_var_lib_t, shell_exec_t, iso9660_t, httpd_w3c_validator_htaccess_t, abrt_helper_exec_t, mysqld_etc_t, cvs_data_t, var_lib_t, cobbler_etc_t, sendmail_exec_t, httpd_helper_exec_t, dbusd_etc_t, dirsrv_share_t, ld_so_t, httpd_dirsrvadmin_script_exec_t, user_cron_spool_t, httpd_squirrelmail_t, textrel_shlib_t, httpd_php_exec_t, httpd_nagios_htaccess_t, rpm_script_tmp_t, httpd_mediawiki_tmp_t, httpd_zarafa_htaccess_t, samba_var_t, httpd_cvs_ra_content_t, httpd_cvs_rw_content_t, httpd_git_ra_content_t, httpd_git_rw_content_t, httpd_nagios_content_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, httpd_zarafa_content_t, httpd_w3c_validator_content_t, httpd_nagios_ra_content_t, httpd_nagios_rw_content_t, httpd_nutups_cgi_ra_content_t, httpd_nutups_cgi_rw_content_t, httpd_cobbler_script_exec_t, httpd_zarafa_ra_content_t, httpd_zarafa_rw_content_t, httpd_mediawiki_script_exec_t, httpd_smokeping_cgi_script_exec_t, httpd_git_content_t, httpd_user_content_t, httpd_apcupsd_cgi_content_t, httpd_mediawiki_ra_content_t, httpd_mediawiki_rw_content_t, httpd_squid_ra_content_t, httpd_squid_rw_content_t, httpd_apcupsd_cgi_ra_content_t, httpd_apcupsd_cgi_rw_content_t, httpd_prewikka_content_t, httpd_smokeping_cgi_ra_content_t, httpd_smokeping_cgi_rw_content_t, httpd_smokeping_cgi_content_t, httpd_cvs_content_t, httpd_sys_content_t, httpd_munin_content_t, httpd_squid_content_t, httpd_awstats_script_exec_t, httpd_dirsrvadmin_ra_content_t, httpd_dirsrvadmin_rw_content_t, httpd_munin_script_exec_t, httpd_w3c_validator_script_exec_t, httpd_prewikka_ra_content_t, httpd_prewikka_rw_content_t, httpd_user_script_exec_t, httpd_bugzilla_content_t, httpd_mediawiki_content_t, krb5_host_rcache_t, httpd_cobbler_content_t, httpd_apcupsd_cgi_script_exec_t, httpd_dirsrvadmin_content_t, httpd_nagios_script_exec_t, httpd_squid_script_exec_t, httpd_w3c_validator_ra_content_t, httpd_w3c_validator_rw_content_t, httpd_awstats_ra_content_t, httpd_awstats_rw_content_t, httpd_bugzilla_script_exec_t, httpd_awstats_content_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_nutups_cgi_content_t, httpd_cobbler_ra_content_t, httpd_cobbler_rw_content_t, httpd_prewikka_script_exec_t, httpd_mojomojo_content_t, httpd_munin_ra_content_t, httpd_munin_rw_content_t, httpd_mojomojo_ra_content_t, httpd_mojomojo_rw_content_t, httpd_sys_script_exec_t, httpd_git_script_exec_t, httpd_cvs_script_exec_t, httpd_zarafa_script_exec_t, httpd_dirsrvadmin_script_exec_t, httpd_mojomojo_script_exec_t, httpd_bugzilla_ra_content_t, httpd_bugzilla_rw_content_t, httpd_nutups_cgi_script_exec_t, root_t. You can look at the httpd_selinux man page for additional information. Additional Information: Source Context unconfined_u:system_r:httpd_t:s0 Target Context unconfined_u:object_r:var_t:s0 Target Objects /srv/joomla/index.php [ file ] Source httpd Source Path /usr/sbin/httpd Port <Unknown> Host (removed) Source RPM Packages httpd-2.2.17-1.fc14 Target RPM Packages Policy RPM selinux-policy-3.9.7-10.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name httpd_bad_labels Host Name (removed) Platform Linux (removed) 2.6.35.6-48.fc14.x86_64 #1 SMP Fri Oct 22 15:36:08 UTC 2010 x86_64 x86_64 Alert Count 4 First Seen Thu 18 Nov 2010 11:25:20 PM MSK Last Seen Thu 18 Nov 2010 11:25:35 PM MSK Local ID 21bf6e2a-7c4d-4def-9b4a-7824fe674923 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1290111935.708:6077): avc: denied { getattr } for pid=23756 comm="httpd" path="/srv/joomla/index.php" dev=sda2 ino=9282 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1290111935.708:6077): arch=c000003e syscall=6 success=no exit=-13 a0=7f5f6e68a350 a1=7fff5376ec80 a2=7fff5376ec80 a3=fffffffffffff368 items=0 ppid=23748 pid=23756 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=229 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null) Hash String generated from httpd_bad_labels,httpd,httpd_t,var_t,file,getattr audit2allow suggests: #============= httpd_t ============== allow httpd_t var_t:file getattr;
You want to setup labeling for this directory # semanage fcontext -a -t httpd_sys_content_t '/var/joomla(/.*)?' # restorecon -R -v /var/joomla Is this a standard location for joomla? What is joomla?