Bug 672080 - SELinux prevented httpd (/usr/sbin/httpd) remove_name access to LDX.eyepackage.
Summary: SELinux prevented httpd (/usr/sbin/httpd) remove_name access to LDX.eyepackage.
Keywords:
Status: CLOSED DUPLICATE of bug 672077
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 13
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:2b2a84500af...
Depends On:
Blocks:
Reported: 2011-01-23 19:23 UTC by ssabchew
Modified: 2011-01-24 15:18 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-01-24 15:18:34 UTC
Type: ---



Description ssabchew 2011-01-23 19:23:37 UTC
Summary:

SELinux prevented httpd (/usr/sbin/httpd) remove_name access to LDX.eyepackage.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux prevented httpd remove_name access to LDX.eyepackage. httpd scripts are
not allowed to write to content without explicit labeling of all files. If
LDX.eyepackage is writable content, it needs to be labeled
httpd_sys_rw_content_t, or if all you need is append you can label it
httpd_sys_ra_content_t. Please refer to 'man httpd_selinux' for more information
on setting up httpd and selinux.

Allowing Access:

You can alter the file context by executing chcon -R -t httpd_sys_rw_content_t
'LDX.eyepackage' You must also change the default file context files on the
system in order to preserve them even on a full relabel. "semanage fcontext -a
-t httpd_sys_rw_content_t 'LDX.eyepackage'"

Fix Command:

chcon -R -t httpd_sys_rw_content_t 'LDX.eyepackage'

Additional Information:

Source Context                unconfined_u:system_r:httpd_t:s0
Target Context                unconfined_u:object_r:httpd_sys_content_t:s0
Target Objects                LDX.eyepackage [ dir ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           httpd-2.2.17-1.fc13.1
Target RPM Packages           
Policy RPM                    selinux-policy-3.7.19-76.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   httpd_write_content
Host Name                     (removed)
Platform                      Linux (removed)
                              2.6.34.7-66.fc13.x86_64 #1 SMP Wed Dec 15 07:04:30
                              UTC 2010 x86_64 x86_64
Alert Count                   22
First Seen                    Sun 23 Jan 2011 12:37:52 AM EET
Last Seen                     Sun 23 Jan 2011 01:53:20 AM EET
Local ID                      9b8863a3-f3d4-4318-9e8b-dd2d7f4c8ae4
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1295740400.554:963): avc:  denied  { remove_name } for  pid=1447 comm="httpd" name="LDX.eyepackage" dev=dm-1 ino=1737637 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir

node=(removed) type=AVC msg=audit(1295740400.554:963): avc:  denied  { rename } for  pid=1447 comm="httpd" name="LDX.eyepackage" dev=dm-1 ino=1737637 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1295740400.554:963): arch=c000003e syscall=82 success=yes exit=0 a0=7f1c04826f48 a1=7f1c04924c80 a2=3 a3=7f1c04943d28 items=0 ppid=15854 pid=1447 auid=500 uid=48 gid=487 euid=48 suid=48 fsuid=48 egid=487 sgid=487 fsgid=487 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Hash String generated from  httpd_write_content,httpd,httpd_t,httpd_sys_content_t,dir,remove_name
audit2allow suggests:

#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'httpd_unified'

allow httpd_t httpd_sys_content_t:dir remove_name;
#!!!! This avc can be allowed using the boolean 'httpd_unified'

allow httpd_t httpd_sys_content_t:file rename;

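Added example, not part of the bug report or of setroubleshoot: a small parser that reads AVC records like the two above and applies the labeling rule the description states (append is all that is missing: httpd_sys_ra_content_t; any other write-class permission: httpd_sys_rw_content_t), then emits a persistent relabel. The path /var/www/html/LDX.eyepackage is an assumption, since the report quotes only the bare directory name.

```python
import re

# Constructed sample: the two AVC records from the report above, node= prefix dropped.
SAMPLE_AVCS = [
    'type=AVC msg=audit(1295740400.554:963): avc:  denied  { remove_name } for  pid=1447 '
    'comm="httpd" name="LDX.eyepackage" dev=dm-1 ino=1737637 scontext=unconfined_u:system_r:'
    'httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir',
    'type=AVC msg=audit(1295740400.554:963): avc:  denied  { rename } for  pid=1447 '
    'comm="httpd" name="LDX.eyepackage" dev=dm-1 ino=1737637 scontext=unconfined_u:system_r:'
    'httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{ (?P<perms>[^}]*)\} for .*?scontext=(?P<scontext>\S+) '
                    r'tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)')

# Permissions the targeted policy reserves for the writable httpd content labels.
WRITE_PERMS = {"write", "create", "unlink", "rename", "link", "setattr",
               "add_name", "remove_name", "rmdir"}

def parse_avc(line):
    """Return perms plus the type field of both contexts (user:role:type[:range]), or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    return {"perms": set(m["perms"].split()), "tclass": m["tclass"],
            "stype": m["scontext"].split(":")[2], "ttype": m["tcontext"].split(":")[2]}

def recommend_label(lines):
    """Narrowest httpd content label covering every denial; None if relabeling is the wrong fix."""
    needed = set()
    for rec in filter(None, map(parse_avc, lines)):
        if (rec["stype"], rec["ttype"]) != ("httpd_t", "httpd_sys_content_t"):
            return None                   # not httpd writing to plain web content
        needed |= rec["perms"]
    if needed and needed <= {"append"}:
        return "httpd_sys_ra_content_t"   # append is all that is missing
    if needed & WRITE_PERMS:
        return "httpd_sys_rw_content_t"   # httpd must rewrite this content
    return None                           # read-only denials: a different problem

def fix_commands(path, label):
    """Persistent relabel of one tree: fcontext rule, then apply it. semanage wants a
    full path regex, not the bare name the setroubleshoot output above quotes."""
    return [f'semanage fcontext -a -t {label} "{path}(/.*)?"', f"restorecon -Rv {path}"]

if __name__ == "__main__":
    label = recommend_label(SAMPLE_AVCS)
    # /var/www/html/LDX.eyepackage is an assumed path; the report does not give the real one.
    print(label, *fix_commands("/var/www/html/LDX.eyepackage", label), sep="\n")
```

Relabeling one tree this way is narrower than the httpd_unified boolean that audit2allow mentions, which relaxes the separation between all httpd content types system-wide.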
Comment 1 Miroslav Grepl 2011-01-24 15:18:34 UTC

*** This bug has been marked as a duplicate of bug 672077 ***