SELinux and HTTP Error
Richard Heck
rgheck at comcast.net
Sun Sep 12 12:05:56 UTC 2010

Anyone help me with this? I get this error every time httpd starts. This
is still F12, but up to date.

The info isn't that helpful, as I don't have user directories enabled in
httpd.conf anyway.

Thanks,
Richard

Summary:

SELinux is preventing /usr/sbin/httpd "search" access on /root/.local.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by httpd. The current boolean settings do not
allow this access. If you have not setup httpd to require this access this may
signal an intrusion attempt. If you do intend this access you need to change the
booleans on this system to allow the access.

Allowing Access:

Confined processes can be configured to run requiring different access, SELinux
provides booleans to allow you to turn on/off access as needed. The boolean
httpd_enable_homedirs is set incorrectly.

Boolean Description:
Allow httpd to read home directories

Fix Command:
# setsebool -P httpd_enable_homedirs 1

Additional Information:

Source Context                system_u:system_r:httpd_t:s0
Target Context                system_u:object_r:gconf_home_t:s0
Target Objects                /root/.local [ dir ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port                          <Unknown>
Host                          rghquad.bobjweil.com
Source RPM Packages           httpd-2.2.15-1.fc12.2
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-121.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall_boolean
Host Name                     rghquad.bobjweil.com
Platform                      Linux rghquad.bobjweil.com
                              2.6.32.21-166.fc12.x86_64 #1 SMP Fri Aug 27
                              06:07:37 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Sun 12 Sep 2010 07:45:13 AM EDT
Last Seen                     Sun 12 Sep 2010 07:45:13 AM EDT
Local ID                      a422f71e-92a5-4bff-b510-1280613e0b11
Line Numbers

Raw Audit Messages

node=rghquad.bobjweil.com type=AVC msg=audit(1284291913.888:7): avc: denied { search } for pid=1956 comm="httpd" name=".local" dev=sda5 ino=794581 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir

node=rghquad.bobjweil.com type=SYSCALL msg=audit(1284291913.888:7): arch=c000003e syscall=4 success=no exit=-2 a0=7f2cd52b9e20 a1=7fffb5a5f7b0 a2=7fffb5a5f7b0 a3=6b6361702d657469 items=0 ppid=1 pid=1956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)