Bug 882347 - SELinux is preventing /usr/sbin/php-fpm from 'getattr' accesses on the directory /home/mikhail.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 18
Hardware: i686
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:a66d26b85b214692111d20beba2...
Duplicates: 882349
Reported: 2012-11-30 18:05 UTC by Mikhail
Modified: 2012-12-01 07:23 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-11-30 19:06:46 UTC
Type: ---
Embargoed:


Attachments:
File: description (2.78 KB, text/plain), 2012-11-30 18:05 UTC, Mikhail

Description Mikhail 2012-11-30 18:05:19 UTC
Additional info:
hashmarkername: setroubleshoot
kernel:         3.6.7-5.fc18.i686.PAE
type:           libreport

Comment 1 Mikhail 2012-11-30 18:05:22 UTC
Created attachment 655167
File: description

Comment 2 Daniel Walsh 2012-11-30 19:06:46 UTC
Did you read the alert?  It told you what to do.

Comment 3 Daniel Walsh 2012-11-30 19:07:06 UTC
*** Bug 882349 has been marked as a duplicate of this bug. ***

Comment 4 Mikhail 2012-11-30 19:17:54 UTC
(In reply to comment #2)
> Did you read the alert?  It told you what to do.

My PHP code is stored in my home directory. Why can't I use it from there?

Comment 5 Daniel Walsh 2012-11-30 19:24:18 UTC
You can, you just need to set the SELinux booleans to tell the system that apache (httpd_t) will be using home directories.

man httpd_selinux

Explains this also.


*****  Plugin catchall_boolean (47.5 confidence) suggests  *******************

If you want to httpd_read_user_content
Then you must tell SELinux about this by enabling the 'httpd_read_user_content' boolean.You can read 'user_selinux' man page for more details.
Do
setsebool -P httpd_read_user_content 1

*****  Plugin catchall_boolean (47.5 confidence) suggests  *******************

If you want to httpd_enable_homedirs
Then you must tell SELinux about this by enabling the 'httpd_enable_homedirs' boolean.You can read 'user_selinux' man page for more details.
Do
setsebool -P httpd_enable_homedirs 1

Comment 6 Mikhail 2012-12-01 07:23:25 UTC
I ran sudo setsebool -P httpd_enable_homedirs 1
but php-fpm still cannot write to the home directory :(

This is the PHP code:
if(($handler = fopen($program_dir.'/logs/'.$user.'-'.$fname, "a")) !== false)

please see https://bugzilla.redhat.com/show_bug.cgi?id=882467


Why is it so hard to run PHP scripts in F18? In F17 it was much easier.
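
The alert in this report is built from an AVC audit record; its source type, target type, object class and permission show what access php-fpm was denied and whether a read-oriented boolean can cover it. The following is an added example, not part of the bug thread or of setroubleshoot, that groups denials by those fields and flags write-class access. The log lines are constructed (pids, inodes, timestamps, and the second denial, which assumes the logs directory is labelled user_home_t), and parse_avc, triage and WRITE_PERMS are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed audit.log lines modelled on this report (php-fpm runs as httpd_t).
# pids, inodes, timestamps and the whole second denial are invented for illustration.
SAMPLE_LOG = '''\
type=AVC msg=audit(1354298719.101:310): avc:  denied  { getattr } for  pid=2101 comm="php-fpm" path="/home/mikhail" dev="dm-2" ino=131073 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=SYSCALL msg=audit(1354298719.101:310): arch=40000003 syscall=195 success=no exit=-13 comm="php-fpm" exe="/usr/sbin/php-fpm"
type=AVC msg=audit(1354346605.220:412): avc:  denied  { write } for  pid=2101 comm="php-fpm" name="logs" dev="dm-2" ino=131200 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Permissions that modify an object; a boolean meant for reading will not cover these.
WRITE_PERMS = {"write", "append", "create", "add_name", "remove_name",
               "setattr", "unlink", "rename"}

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not line.startswith("type=AVC") or not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    # SELinux contexts are user:role:type:level; the type drives policy decisions.
    return {
        "comm": fields.get("comm"),
        "target": fields.get("path") or fields.get("name"),
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "perms": set(m.group("perms").split()),
    }

def triage(log_text):
    """Group denials by (source type, target type, class) and flag write access."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d:
            groups[(d["source_type"], d["target_type"], d["tclass"])] |= d["perms"]
    return {k: {"perms": sorted(p), "needs_write": bool(p & WRITE_PERMS)}
            for k, p in groups.items()}

if __name__ == "__main__":
    for (src, tgt, cls), info in triage(SAMPLE_LOG).items():
        kind = "write-class" if info["needs_write"] else "read-only"
        print(f"{src} -> {tgt}:{cls} {info['perms']} ({kind})")
```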

