Re: Help with httpd userdir recovery

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> type=AVC msg=audit(1482944350.289:339): avc:  denied  { read } for pid=2141 comm="httpd" name="family" dev="sda3" ino=262199 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir permissive=0

I ran into the same problem, I think.  I ran "audit2why" and passed in
the AVC.  It suggested a pair of booleans I've never seen before.

# audit2why
type=AVC msg=audit(1483077583.703:1539671): avc:  denied  { read } for
 pid=11162 comm="httpd" name="courier-pythonfilter" dev="dm-0"
ino=533228 scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir

    Was caused by:
    One of the following booleans was set incorrectly.
    Description:
    Allow httpd to read user content

    Allow access by executing:
    # setsebool -P httpd_read_user_content 1
    Description:
    Allow httpd to unified

    Allow access by executing:
    # setsebool -P httpd_unified 1
# setsebool -P httpd_read_user_content 1

... and setting one of them fixed the problem.

I don't see a bug filed for this.  Can anyone else confirm that
httpd_enable_homedirs doesn't work as it did before 7.3?  I suspect
it's not widely used and the bug may not have been noticed yet.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux