back to svn]
m.roth at 5-cent.us
m.roth at 5-cent.us
Fri Nov 15 15:46:29 UTC 2013
>> From: "Dominick Grift" <dominick.grift at gmail.com>
>> On Thu, 2013-11-14 at 17:45 -0500, m.roth at 5-cent.us wrote:
>>> Dominick Grift wrote:
>>>> On Thu, 2013-11-14 at 17:01 -0500, m.roth at 5-cent.us wrote:
>>>>> I really don't understand this:
>>>>> CentOS 6.4
>>>>> directory: user_t
>>>>> subdirectory: httpd_sys_content_t
>>>>> file: httpd_sys_content_t
>>>>>
>>>>> (Permissive mode)
>>>>> selinux preventing search access on the subdirectory by httpd.
>>>>>
>>>>> Is this a cascading issue, that selinux doesn't like apache trying to
>>>>> access something under usr_t?
<snip>
>> But you want optimal help then you should enclose the actual avc denial
>>
>> because now its all hearsay. i need to look at the facts to be able to
>> suggest something i can vouch for
Good thought. NOW I'm *really* confused.
ll -Z of the file gives me
-rw-r--r--. <user> <group> system_u:system_r:httpd_sys_content_t:s0 <file>
Meanwhile,
grep avc /var/log/audit/audit.log | grep <filename>
gets me:
<...>
type=AVC msg=audit(1384527075.382:7606586): avc: denied { read } for
pid=1329 comm="httpd" name="<filename>" dev=sdc1 ino=66691074
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
"Unlabeled_t"?
mark
More information about the selinux
mailing list