> type=AVC msg=audit(1482944350.289:339): avc: denied { read } for pid=2141 comm="httpd" name="family" dev="sda3" ino=262199 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir permissive=0
I ran into the same problem, I think. I ran "audit2why" and passed in
the AVC. It suggested a pair of booleans I've never seen before.
# audit2why
type=AVC msg=audit(1483077583.703:1539671): avc: denied { read } for
pid=11162 comm="httpd" name="courier-pythonfilter" dev="dm-0"
ino=533228 scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir
Was caused by:
One of the following booleans was set incorrectly.
Description:
Allow httpd to read user content
Allow access by executing:
# setsebool -P httpd_read_user_content 1
Description:
Allow httpd to unified
Allow access by executing:
# setsebool -P httpd_unified 1
# setsebool -P httpd_read_user_content 1
... and setting one of them fixed the problem.
I don't see a bug filed for this. Can anyone else confirm that
httpd_enable_homedirs doesn't work as it did before 7.3? I suspect
it's not widely used and the bug may not have been noticed yet.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
Re: Help with httpd userdir recovery
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Help with httpd userdir recovery
- From: Gordon Messmer <gordon.messmer@xxxxxxxxx>
- Date: Thu, 29 Dec 2016 22:08:21 -0800
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <c4b05555-4626-459d-86e0-8af3681983b0@htt-consult.com>
- References: <db3d0e82-2f7f-7e34-6925-d51306b86db6@htt-consult.com> <1482857324.5028.10.camel@quad> <fdc50982-7254-2950-3f5a-66fcb23aa231@htt-consult.com> <1482868702.5028.22.camel@quad> <b8b65163-5817-429c-0931-e12f23a48371@htt-consult.com> <cb12b4b4-4d3a-ed28-bc0a-cbe4ac21ed52@voipsupport.it> <4de70b53-b68d-7138-ffa7-c35d65795403@htt-consult.com> <3d792aa0-007c-1a32-c296-afe0ac51dfe1@voipsupport.it> <70e9dae7-a8d5-270d-1f4c-6e3d8d06d340@htt-consult.com> <a830cc08-6537-ec64-3a31-4b0b186e2b08@voipsupport.it> <9f89e672-8948-614a-75a8-c2086cd105e7@htt-consult.com> <CA+vp9e1oMW460AnokRPnEnb5+r33F_ODdEQv1uaCQEhyouGgdg@mail.gmail.com> <c4b05555-4626-459d-86e0-8af3681983b0@htt-consult.com>
- Follow-Ups:
- Re: Help with httpd userdir recovery
- From: Robert Moskowitz
- Re: Help with httpd userdir recovery
- References:
- Help with httpd userdir recovery
- From: Robert Moskowitz
- Re: Help with httpd userdir recovery
- From: Leonard den Ottolander
- Re: Help with httpd userdir recovery
- From: Robert Moskowitz
- Re: Help with httpd userdir recovery
- From: Leonard den Ottolander
- Re: Help with httpd userdir recovery
- From: Robert Moskowitz
- Re: Help with httpd userdir recovery
- From: John Fawcett
- Re: Help with httpd userdir recovery
- From: Robert Moskowitz
- Re: Help with httpd userdir recovery
- From: John Fawcett
- Re: Help with httpd userdir recovery
- From: Robert Moskowitz
- Re: Help with httpd userdir recovery
- From: John Fawcett
- Re: Help with httpd userdir recovery
- From: Robert Moskowitz
- Re: Help with httpd userdir recovery
- From: Todor Petkov
- Re: Help with httpd userdir recovery
- From: Robert Moskowitz
- Help with httpd userdir recovery
- Prev by Date: Re: chronyd configuration as a local ntp server
- Next by Date: Re: Help with httpd userdir recovery
- Previous by thread: Re: Help with httpd userdir recovery
- Next by thread: Re: Help with httpd userdir recovery
- Index(es):
 |