WebDAV

Daniel J Walsh dwalsh at redhat.com
Thu Sep 8 12:10:12 UTC 2005 

Andrew Z wrote:

>
> Is there a SELinux policy for use with WebDAV?   I have the WebDAV 
> working correctly with Apache and Cadaver, but SELinux prevents 
> writing.  I have noticed that there are at least two issues.  First, 
> SELinux prevents Apache from writing to httpd_sys_content_t.  Second, 
> Apache needs to update its locking database.  I don't want to allow 
> write access to all httpd_sys_content_t.
> type=AVC msg=audit(1126138296.843:56): avc:  denied  { write } for  
> pid=3525 comm="httpd" name="lockdb.dir" dev=hda7 ino=1011851 
> scontext=system_u:system_r:httpd_t 
> tcontext=system_u:object_r:var_lib_t tclass=file
> type=SYSCALL msg=audit(1126138296.843:56): arch=40000003 syscall=5 
> success=yes exit=11 a0=8675e00 a1=42 a2=1b6 a3=886a6c0 items=1 
> pid=3525 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 
> egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
> type=CWD msg=audit(1126138296.843:56):  cwd="/"
> type=PATH msg=audit(1126138296.843:56): item=0 
> name="/var/lib/dav/lockdb.dir" flags=310  inode=1006106 dev=03:07 
> mode=040700 ouid=48 ogid=48 rdev=00:00
>
>
> type=AVC msg=audit(1126138520.634:58): avc:  denied  { write } for  
> pid=3526 comm="httpd" name="lockdb.dir" dev=hda7 ino=1011851 
> scontext=system_u:system_r:httpd_t 
> tcontext=system_u:object_r:var_lib_t tclass=file
> type=SYSCALL msg=audit(1126138520.634:58): arch=40000003 syscall=5 
> success=yes exit=11 a0=867dc20 a1=42 a2=1b6 a3=867fbd8 items=1 
> pid=3526 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 
> egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
> type=CWD msg=audit(1126138520.634:58):  cwd="/"
> type=PATH msg=audit(1126138520.634:58): item=0 
> name="/var/lib/dav/lockdb.dir" flags=310  inode=1006106 dev=03:07 
> mode=040700 ouid=48 ogid=48 rdev=00:00
>
>
>
try
chcon -R -t httpd_sys_script_rw_t /var/lib/dav

>
> Andrew
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list



--

More information about the fedora-selinux-list mailing list