httpd cannot read httpd-manual
Daniel J Walsh
dwalsh at redhat.com
Sat Apr 3 06:45:06 UTC 2004
Karl DeBisschop wrote:
>Here's the audit from /var/log/messages:
>
>Apr 2 04:09:33 xxxxx kernel: audit(1080896972.999:0): avc: denied {
>getattr } for pid=1156 exe=/usr/sbin/httpd
>path=/var/www/manual/index.html dev=md0 ino=1473314
>scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:var_t
>tclass=file
>
>System is FC2 devel in enforcing mode, the only change I have made to
>policies is to add myself as an administrative user.
>
File context problem.
I have modified the context in policy-1.9.2-9 to label everything under
/var/www as content unless it is specified later.
This is the patch. You will need to relabel after updating the policy files:
setfiles /etc/security/selinux/file_contexts /var/www
--- apache.fc.20040403 2004-03-31 15:52:27.000000000 -0500
+++ apache.fc 2004-04-03 01:37:24.360416240 -0500
@@ -1,12 +1,9 @@
# apache
HOME_DIR/((www)|(web)|(public_html))(/.+)?
system_u:object_r:httpd_ROLE_content_t
-/var/www -d system_u:object_r:httpd_sys_content_t
-/var/www/html(/.*)? system_u:object_r:httpd_sys_content_t
-/var/www/mrtg(/.*)? system_u:object_r:httpd_sys_content_t
+/var/www(/.*)? system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(/.*)? system_u:object_r:httpd_sys_script_exec_t
/usr/lib(64)?/cgi-bin(/.*)?
system_u:object_r:httpd_sys_script_exec_t
/var/www/perl(/.*)? system_u:object_r:httpd_sys_script_exec_t
-/var/www/icons(/.*)? system_u:object_r:httpd_sys_content_t
/var/cache/httpd(/.*)? system_u:object_r:httpd_cache_t
/etc/httpd -d system_u:object_r:httpd_config_t
/etc/httpd/conf.* system_u:object_r:httpd_config_t
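Review bot: The new catch-all `/var/www(/.*)?` entry sits above the `/var/www/cgi-bin(/.*)?` and `/var/www/perl(/.*)?` entries, so the script directories keep `httpd_sys_script_exec_t` only as long as those more specific entries stay below it and take precedence. A comment in apache.fc next to the catch-all saying it must remain ahead of the specific /var/www entries would protect against a later reorder silently relabeling the script directories as plain content. The catch-all also replaces an explicit list (html, mrtg, icons) with a default, so any path later created under /var/www gets `httpd_sys_content_t` unless an entry overrides it; that change in default is worth recording in the file or the changelog.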