Apache2 directory listing problem F16

Mark Haney markh at abemblem.com
Mon Jul 30 15:06:28 UTC 2012


On 07/30/2012 10:46 AM, Steven Stern wrote:
> On 07/30/2012 08:41 AM, Mark Haney wrote:
>> On 07/27/2012 01:22 PM, David Quigley wrote:

>> Everything I've tried seems to end up with an SELinux error.  I've got
>> it disabled now, but haven't rebooted to see if that fixes it.  It's
>> strange, the troubleshooter offers a couple of commands to set SELinux
>> correctly for what I want, but it still chokes on it.
>>
>>
>>
> If you copied files from some other directory into pics, then they
> probably brought along their existing context.  Go back to /var/www/html
> and try "sudo restorecon -r *".
>

I've attached the full output of the troubleshooter just in case I 
managed not to include everything needed.


-- 

Mark Haney
Software Developer/Consultant
AB Emblem
markh at abemblem.com
Linux marius.homelinux 3.4.4-4.fc16.x86_64 GNU/Linux
-------------- next part --------------
SELinux is preventing /usr/sbin/httpd from open access on the directory /var/www/html/updates.

*****  Plugin restorecon (99.5 confidence) suggests  *************************

If you want to fix the label. 
/var/www/html/updates default label should be httpd_sys_content_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /var/www/html/updates

*****  Plugin catchall (1.49 confidence) suggests  ***************************

If you believe that httpd should be allowed open access on the updates directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:httpd_t:s0
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                /var/www/html/updates [ dir ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          <Unknown>
Host                          marius.homelinux
Source RPM Packages           httpd-2.2.22-2.fc16.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-90.fc16.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     marius.homelinux
Platform                      Linux marius.homelinux 3.4.4-4.fc16.x86_64 #1 SMP
                              Thu Jul 5 20:01:38 UTC 2012 x86_64 x86_64
Alert Count                   2
First Seen                    Mon 30 Jul 2012 08:58:18 AM EDT
Last Seen                     Mon 30 Jul 2012 09:48:30 AM EDT
Local ID                      64b33ecc-7dd0-4af0-b753-da769b4fc13b

Raw Audit Messages
type=AVC msg=audit(1343656110.659:126): avc:  denied  { open } for  pid=13506 comm="httpd" name="updates" dev="dm-1" ino=278541 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir


type=SYSCALL msg=audit(1343656110.659:126): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffffffffffff9c a1=7f43778e6b58 a2=90800 a3=0 items=0 ppid=13504 pid=13506 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)

Hash: httpd,httpd_t,user_home_t,dir,open

audit2allow

#============= httpd_t ==============
#!!!! This avc can be allowed using one of the these booleans:
#     httpd_read_user_content, httpd_enable_homedirs

allow httpd_t user_home_t:dir open;

audit2allow -R

#============= httpd_t ==============
#!!!! This avc can be allowed using one of the these booleans:
#     httpd_read_user_content, httpd_enable_homedirs

allow httpd_t user_home_t:dir open;
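
The triage the troubleshooter output points to, as an added example that is not part of the original message or its attachment: it parses the AVC record quoted above and compares the target's label with the default for its path to choose between relabeling and a local policy module. The function names are hypothetical, and the default type is passed in by hand here, where a live system would take it from `matchpathcon`.

```python
import re

# AVC record copied from the troubleshooter output in the message above.
AVC_LINE = (
    'type=AVC msg=audit(1343656110.659:126): avc:  denied  { open } for  '
    'pid=13506 comm="httpd" name="updates" dev="dm-1" ino=278541 '
    'scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir'
)
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {key: value.strip('"') for key, value in KV_RE.findall(m.group(2))}
    rec['perms'] = m.group(1).split()
    return rec

def selinux_type(context):
    """Third field of user:role:type[:level]; the level may itself contain colons."""
    parts = context.split(':')
    return parts[2] if len(parts) >= 3 else None

def allow_rule(rec):
    """The rule a local policy module would add for this denial."""
    perms = rec['perms'][0] if len(rec['perms']) == 1 else '{ ' + ' '.join(rec['perms']) + ' }'
    return 'allow {} {}:{} {};'.format(
        selinux_type(rec['scontext']), selinux_type(rec['tcontext']), rec['tclass'], perms)

def triage(rec, path, default_type):
    """default_type is the label policy assigns to path (what matchpathcon reports)."""
    if selinux_type(rec['tcontext']) != default_type:
        # Mislabeled object: relabel it instead of widening what httpd_t may touch.
        return ('relabel', 'restorecon -Rv ' + path)
    # Label is already the default, so the denial is a genuine policy decision.
    return ('policy', allow_rule(rec))

if __name__ == '__main__':
    rec = parse_avc(AVC_LINE)
    print(triage(rec, '/var/www/html/updates', 'httpd_sys_content_t'))
    print('module would instead add:', allow_rule(rec))
```

The generated rule applies to every directory labeled `user_home_t`, not only `updates`, which is why the relabel branch is preferred when the label is simply wrong.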


