[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: httpd cannot read httpd-manual

From: Karl DeBisschop <kdebisschop alert infoplease com>
To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Cc: carstengrohmann gmx de
Subject: Re: httpd cannot read httpd-manual
Date: Fri, 2 Apr 2004 13:12:28 -0500

On Fri, 2 Apr 2004 18:05:02 +0200
Carsten Grohmann <carstengrohmann gmx de> wrote:

> On Freitag, 2. April 2004 16:15, Karl DeBisschop wrote:
> 
> > Apr  2 04:09:33 xxxxx kernel: audit(1080896972.999:0): avc: 
> > denied  { getattr } for  pid=1156 exe=/usr/sbin/httpd
> > path=/var/www/manual/index.html dev=md0 ino=1473314
> > scontext=system_u:system_r:httpd_t
> > tcontext=system_u:object_r:var_t tclass=file
> 
> Maybe you should relabel the webserver files with 
> httpd_sys_context_t or look into <path to 
> policy>/file_contexts/program/apache.fc change apaches path 
> settings.

FWIW, it works if you add adding these lines to
/etc/security/selinux/src/policy/file_contexts/program/apache.fc:

/var/www/manual(/.*)?             system_u:object_r:httpd_sys_content_t
/var/www/error(/.*)?             system_u:object_r:httpd_sys_content_t

then:

make -C /etc/security/selinux/src/policy
/sbin/fixfiles relabel

Presumably something like that sort of change can make it into
the vext update of policy.

-- 
Karl DeBisschop (kdebisschop infoplease com)
Pearson Education/Infoplease (http://www.infoplease.com)

References:
- httpd cannot read httpd-manual
  - From: Karl DeBisschop
- Re: httpd cannot read httpd-manual
  - From: Carsten Grohmann

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]