Description of problem: Loaded the owncloud server page for initial setup. The owncloud server installation is from Fedora package. SELinux is preventing /usr/sbin/httpd from 'write' accesses on the file /var/lib/owncloud/data/.htaccess. ***** Plugin catchall_labels (83.8 confidence) suggests ******************** If you want to allow httpd to have write access on the .htaccess file Then you need to change the label on /var/lib/owncloud/data/.htaccess Do # semanage fcontext -a -t FILE_TYPE '/var/lib/owncloud/data/.htaccess' where FILE_TYPE is one of the following: abrt_retrace_spool_t, afs_cache_t, dirsrv_config_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_tmp_t, httpd_apcupsd_cgi_rw_content_t, httpd_awstats_rw_content_t, httpd_bugzilla_rw_content_t, httpd_cache_t, httpd_collectd_rw_content_t, httpd_cvs_rw_content_t, httpd_dirsrvadmin_rw_content_t, httpd_dspam_rw_content_t, httpd_git_rw_content_t, httpd_lock_t, httpd_man2html_rw_content_t, httpd_mediawiki_rw_content_t, httpd_mojomojo_rw_content_t, httpd_munin_rw_content_t, httpd_mythtv_rw_content_t, httpd_nagios_rw_content_t, httpd_nutups_cgi_rw_content_t, httpd_openshift_rw_content_t, httpd_prewikka_rw_content_t, httpd_smokeping_cgi_rw_content_t, httpd_squid_rw_content_t, httpd_squirrelmail_t, httpd_sys_rw_content_t, httpd_tmp_t, httpd_tmpfs_t, httpd_user_rw_content_t, httpd_var_lib_t, httpd_var_run_t, httpd_w3c_validator_rw_content_t, httpd_webalizer_rw_content_t, httpd_zoneminder_rw_content_t, initrc_tmp_t, jetty_cache_t, jetty_log_t, jetty_var_lib_t, jetty_var_run_t, krb5_host_rcache_t, passenger_tmp_t, passenger_var_run_t, pki_ra_etc_rw_t, pki_ra_log_t, pki_ra_var_lib_t, pki_tps_etc_rw_t, pki_tps_log_t, pki_tps_var_lib_t, puppet_tmp_t, squirrelmail_spool_t, systemd_passwd_var_run_t, user_cron_spool_t, zarafa_var_lib_t. Then execute: restorecon -v '/var/lib/owncloud/data/.htaccess' ***** Plugin catchall (17.1 confidence) suggests *************************** If you believe that httpd should be allowed write access on the .htaccess file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep httpd /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:httpd_t:s0 Target Context system_u:object_r:var_lib_t:s0 Target Objects /var/lib/owncloud/data/.htaccess [ file ] Source httpd Source Path /usr/sbin/httpd Port <Unknown> Host (removed) Source RPM Packages httpd-2.4.4-2.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-24.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.0-0.rc5.git1.301.fc19.x86_64 #1 SMP Tue Apr 2 20:37:45 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-04-04 20:40:27 EDT Last Seen 2013-04-04 20:40:27 EDT Local ID 3497989b-7ef6-4078-b347-1cab49f025b2 Raw Audit Messages type=AVC msg=audit(1365122427.830:119): avc: denied { write } for pid=994 comm="httpd" name=".htaccess" dev="sda3" ino=529997 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file type=SYSCALL msg=audit(1365122427.830:119): arch=x86_64 syscall=open success=no exit=EACCES a0=7f8f2d29e650 a1=241 a2=1b6 a3=7373656363617468 items=0 ppid=589 pid=994 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 ses=4294967295 tty=(none) comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null) Hash: httpd,httpd_t,var_lib_t,file,write audit2allow #============= httpd_t ============== allow httpd_t var_lib_t:file write; audit2allow -R require { type httpd_t; type var_lib_t; class file write; } #============= httpd_t ============== allow httpd_t var_lib_t:file write; Additional info: hashmarkername: setroubleshoot kernel: 3.9.0-0.rc5.git1.301.fc19.x86_64 type: libreport
c8142e96bc45b7c286bc1b4b723db5b946b35a1e fixes this in git.
back ported.
selinux-policy-3.12.1-31.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-31.fc19
Package selinux-policy-3.12.1-31.fc19: * should fix your issue, * was pushed to the Fedora 19 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-31.fc19' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-5812/selinux-policy-3.12.1-31.fc19 then log in and leave karma (feedback).
selinux-policy-3.12.1-31.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.