httpd cannot read httpd-manual

Karl DeBisschop kdebisschop at alert.infoplease.com
Fri Apr 2 18:12:28 UTC 2004


On Fri, 2 Apr 2004 18:05:02 +0200
Carsten Grohmann <carstengrohmann at gmx.de> wrote:

> On Friday, 2 April 2004 16:15, Karl DeBisschop wrote:
> 
> > Apr  2 04:09:33 xxxxx kernel: audit(1080896972.999:0): avc: 
> > denied  { getattr } for  pid=1156 exe=/usr/sbin/httpd
> > path=/var/www/manual/index.html dev=md0 ino=1473314
> > scontext=system_u:system_r:httpd_t
> > tcontext=system_u:object_r:var_t tclass=file
> 
> Maybe you should relabel the webserver files with 
> httpd_sys_context_t or look into <path to 
> policy>/file_contexts/program/apache.fc and change Apache's path 
> settings.

FWIW, it works if you add these lines to
/etc/security/selinux/src/policy/file_contexts/program/apache.fc:

/var/www/manual(/.*)?             system_u:object_r:httpd_sys_content_t
/var/www/error(/.*)?             system_u:object_r:httpd_sys_content_t

then:

make -C /etc/security/selinux/src/policy
/sbin/fixfiles relabel

Presumably something like that sort of change can make it into
the next update of policy.

-- 
Karl DeBisschop (kdebisschop at infoplease.com)
Pearson Education/Infoplease (http://www.infoplease.com)
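
The check described in this thread, as an added example that is not part of the original post or of the SELinux tools: it parses the quoted AVC denial and tests the denied path against the two proposed apache.fc entries to show the file's label differs from the one the entries assign. The function names are hypothetical, and "last matching entry wins" is a simplifying assumption about file_contexts precedence.

```python
import re

# The denial quoted in the thread, joined onto one line.
AVC_LINE = (
    "Apr  2 04:09:33 xxxxx kernel: audit(1080896972.999:0): avc: "
    "denied  { getattr } for  pid=1156 exe=/usr/sbin/httpd "
    "path=/var/www/manual/index.html dev=md0 ino=1473314 "
    "scontext=system_u:system_r:httpd_t "
    "tcontext=system_u:object_r:var_t tclass=file"
)
# The two apache.fc entries proposed in the thread.
FC_ENTRIES = """\
/var/www/manual(/.*)?             system_u:object_r:httpd_sys_content_t
/var/www/error(/.*)?             system_u:object_r:httpd_sys_content_t
"""

def parse_avc(line):
    """Split an avc message into result, permission list and key=value fields."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        return None
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    rec.update(re.findall(r"(\w+)=(\S+)", m.group(3)))
    return rec

def parse_fc(text):
    """Return (path_regex, context) pairs; an optional file-type field is skipped."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[-1]))
    return entries

def expected_context(path, entries):
    """Patterns are anchored at both ends; assumption: the last match wins."""
    hit = None
    for pattern, context in entries:
        if re.fullmatch(pattern, path):
            hit = context
    return hit

def diagnose(line, fc_text):
    """Compare the label in the denial with the label the entries would assign."""
    rec = parse_avc(line)
    if rec is None or "path" not in rec:
        return None
    want = expected_context(rec["path"], parse_fc(fc_text))
    return {"path": rec["path"], "current": rec["tcontext"], "expected": want,
            "needs_relabel": want is not None and want != rec["tcontext"]}
```

A path outside /var/www/manual and /var/www/error returns no expected context, which means these two entries alone would not change its label.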



More information about the fedora-selinux-list mailing list