But still wondering - Re: [fedora-arm] Fedora-Server-armhfp-25-1.3-sda - httpd userdir and selinux problem

But still the question as to all these SELinux messages.  Very confusing.

On 02/04/2017 11:34 PM, Robert Moskowitz wrote:
I did all of my steps to build a Fedora Server with updates and installed httpd.

I edited the /etc/httpd/conf.d/userdir.conf to enable userdir. I kept all of the rest of this conf file unchanged.

I added my z00-init.conf file:

ServerAdmin rgm@xxxxxxxxxxxxxxx
ServerName medon.htt-consult.com:80
# NameVirtualHost *:80
# NameVirtualHost *:443

I followed the permission instructions in the userdir.conf file, copied some files into my public_html, set my IP addr and all the rest, put the Cubie on my DMZ and tried to access a file:

http://medon.htt-consult.com/~rgm/cubieboard/cubietower-2.JPG

This works.  You can try this also, as the server is public.

But I cannot access just a directory:


http://medon.htt-consult.com/~rgm/cubieboard/

I get:

=====

Forbidden

You don't have permission to access /~rgm/cubieboard/ on this server.

=====

If I disable SELinux with 'setenforce 0' I get the listing of files in this directory.

The userdir.conf default is:

<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>

So this should work.  /var/log/httpd/error.log reports:

[Sat Feb 04 23:24:13.289963 2017] [negotiation:error] [pid 865] (13)Permission denied: [client 192.168.160.12:56918] AH00686: cannot read directory for multi: /home/rgm/public_html/cubieboard/

permissions are:

# ls -ls /home/rgm/public_html/
total 4
0 drwxrwxr-x. 2 rgm rgm  54 Feb  4 22:51 cubieboard
0 drwxrwxr-x. 2 rgm rgm 203 Feb  4 22:51 Harpsichord
0 drwxrwxr-x. 2 rgm rgm  73 Feb  4 22:51 ietf
4 -rw-rw-r--. 1 rgm rgm  12 Jan 21  2013 index.html

# ls -ls /home/rgm/public_html/cubieboard/
total 3504
1420 -rw-rw-r--. 1 rgm rgm 1450256 Aug 27  2014 cubietower-2.JPG
2084 -rw-r--r--. 1 rgm rgm 2131328 Sep  4  2014 cubietower-3.JPG

Why did I suspect SELinux you ask? Well I get all these warnings when I do any SELinux command. What follows is everything I could gather from the console.

So please tell me what is the problem and how to fix it. I really want to get this simple server up and in production already...


Upgrading : selinux-policy-targeted-3.13.1-225.6.fc25.noarch 310/844
[ 8981.136506] SELinux: Permission validate_trans in class security not defined in policy.
[ 8981.144734] SELinux: Permission module_load in class system not defined in policy.
[ 8981.152998] SELinux: the above unknown classes and permissions will be allowed
[ 8985.835670] SELinux: Context unconfined_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).
[ 8987.072186] SELinux: Context system_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).

/var/lib/selinux/targeted/active/policy.kern: read error
(tried to read 8192 bytes from offset 3848760)
cannot reconstruct rpm from disk files

[    0.006234] SELinux:  Initializing.
[ 6.113236] systemd[1]: systemd 231 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
[ 17.446033] SELinux: Permission validate_trans in class security not defined in policy.
[ 17.454298] SELinux: Permission module_load in class system not defined in policy.
[ 17.462557] SELinux: the above unknown classes and permissions will be allowed
[ 17.544762] systemd[1]: Successfully loaded SELinux policy in 910.703ms.


Upgrading : container-selinux-2:2.5-1.fc25.noarch 179/500
[11840.708423] SELinux: Permission validate_trans in class security not defined in policy.
[11840.716674] SELinux: Permission module_load in class system not defined in policy.
[11840.725023] SELinux: the above unknown classes and permissions will be allowed
[11841.999564] SELinux: Context system_u:system_r:gear_t:s0-s0:c0.c1023 became invalid (unmapped).
[11847.589662] SELinux: Context unconfined_u:system_r:gear_t:s0-s0:c0.c1023 became invalid (unmapped).
libsemanage.semanage_direct_remove_key: Removing last container module (no other container module exists at another priority).

# semanage port -a -t ssh_port_t -p tcp 1234 /* not the real port number
[116454.082753] SELinux: Permission validate_trans in class security not defined in policy.
[116454.091093] SELinux: Permission module_load in class system not defined in policy.
[116454.099465] SELinux: the above unknown classes and permissions will be allowed

# setsebool -P httpd_enable_homedirs on
[120049.339391] SELinux: Permission validate_trans in class security not defined in policy.
[120049.347700] SELinux: Permission module_load in class system not defined in policy.
[120049.356072] SELinux: the above unknown classes and permissions will be allowed

thanks
_______________________________________________
arm mailing list -- arm@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to arm-leave@xxxxxxxxxxxxxxxxxxxxxxx
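
Added example, not part of the original message: a shell function that sorts console lines like those quoted above into policy-load notices (which the kernel itself says "will be allowed") and actual `avc: denied` records, which is where an enforcement denial is logged. The first five sample lines are copied from the message; the final AVC record is constructed, and its pid, name and `EXAMPLE_t` type are assumptions.

```bash
#!/usr/bin/env bash
# Added example: separate SELinux policy-load notices from real denials.
# Sample lines 1-5 are copied from the message above; the final
# "avc: denied" record is CONSTRUCTED (pid, name and EXAMPLE_t are made up).
sample_log() {
cat <<'EOF'
[ 8981.136506] SELinux: Permission validate_trans in class security not defined in policy.
[ 8981.144734] SELinux: Permission module_load in class system not defined in policy.
[ 8981.152998] SELinux: the above unknown classes and permissions will be allowed
[ 8985.835670] SELinux: Context unconfined_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).
[120049.339391] SELinux: Permission validate_trans in class security not defined in policy.
type=AVC msg=audit(0.000:0): avc:  denied  { read } for  pid=1111 comm="httpd" name="example_dir" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:EXAMPLE_t:s0 tclass=dir permissive=0
EOF
}

# Reads log text on stdin, prints one sorted summary line per finding.
triage_selinux_log() {
  awk '
    /SELinux: Permission .* not defined in policy/ {
      # Kernel knows a permission that the loaded policy does not define.
      for (i = 1; i <= NF; i++)
        if ($i == "Permission") undefined[$(i + 4) ":" $(i + 1)]++
      next
    }
    /unknown classes and permissions will be allowed/ { allowed++; next }
    /became invalid \(unmapped\)/ { unmapped++; next }
    /avc: +denied/ {
      # An enforcement decision: pull out the permission set, class and command.
      a = index($0, "{"); b = index($0, "}")
      perms = substr($0, a + 2, b - a - 3); cls = ""; comm = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^tclass=/) cls = substr($i, 8)
        if ($i ~ /^comm=/) { comm = substr($i, 6); gsub(/"/, "", comm) }
      }
      print "DENIAL comm=" comm " tclass=" cls " perms=" perms
      next
    }
    END {
      for (k in undefined)
        print "NOTICE undefined_permission " k " count=" undefined[k]
      if (allowed) print "NOTICE unknown_allowed count=" allowed
      if (unmapped) print "NOTICE unmapped_context count=" unmapped
    }
  ' | LC_ALL=C sort
}

sample_log | triage_selinux_log
```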