httpd denied write
Tim Fenn
fenn at stanford.edu
Sun Jun 12 19:31:25 UTC 2005
On Sun, Jun 12, 2005 at 01:05:30PM -0400, Colin Walters wrote:
> On Sat, 2005-06-11 at 19:28 -0700, Tim Fenn wrote:
> > I'm still a bit new to selinux, so apologies if this is a silly
> > question. I've been running httpd in the past, but I've recently had
> > errors accessing my mythweb folder (lots of permission denied
> > messages) with the following logged in /var/log/messages:
> >
> > Jun 11 19:11:16 agora kernel: audit(1118542276.660:0): avc: denied {
> > write } for pid=19303 exe=/usr/sbin/httpd name=image_cache dev=sda1
> > ino=1392658 scontext=root:system_r:httpd_t tcontext=system_u:object_r:httpd_sys_content_t tclass=dir
> >
> > this is from the php scripts in mythweb attempting to write to an
> > image cache, which is also under the mythweb folder. httpd_unified is
> > set to 1,
>
> In order to allow httpd to write, you now need both the
> "httpd_builtin_scripting" and "httpd_unified" booleans enabled.
> The default for both is true, AFAIK; presumably you were bit by the
> upgrade bug for the booleans file.
>
Thanks, Colin. httpd_builtin_scripting was indeed inactive, and
"setsebool -P httpd_builtin_scripting=1" did the trick.
-Tim
More information about the fedora-selinux-list
mailing list