> From: "Dominick Grift"
<dominick.grift(a)gmail.com>
> On Thu, 2013-11-14 at 17:45 -0500, m.roth(a)5-cent.us wrote:
>> Dominick Grift wrote:
>>> On Thu, 2013-11-14 at 17:01 -0500, m.roth(a)5-cent.us wrote:
>>>> I really don't understand this:
>>>> CentOS 6.4
>>>> directory: user_t
>>>> subdirectory: httpd_sys_content_t
>>>> file: httpd_sys_content_t
>>>>
>>>> (Permissive mode)
>>>> selinux preventing search access on the subdirectory by httpd.
>>>>
>>>> Is this a cascading issue, that selinux doesn't like apache trying
to
>>>> access something under usr_t?
<snip>
> But you want optimal help then you should enclose the actual avc
denial
>
> because now its all hearsay. i need to look at the facts to be able to
> suggest something i can vouch for
Good thought. NOW I'm *really* confused.
ll -Z of the file gives me
-rw-r--r--. <user> <group> system_u:system_r:httpd_sys_content_t:s0
<file>
Meanwhile,
grep avc /var/log/audit/audit.log | grep <filename>
gets me:
<...>
type=AVC msg=audit(1384527075.382:7606586): avc: denied { read } for
pid=1329 comm="httpd" name="<filename>" dev=sdc1 ino=66691074
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
"Unlabeled_t"?
mark