Re: Denied for com='ps' name='stat' {open} {read} {search}

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sunday, December 26, 2010 04:00:56 pm Frank Licea wrote:
> I'm on a fresh install of Fedora 14 and using phusion passenger. I
> currently have SELinux in permissive mode.
> 
>  When I checked my /var/log/audit/audit.log file I noticed three denial
> messages and I can't figure out why they are there. Has anyone encountered
> anything similar before?

It seems Apache (httpd_t) is trying to open/read some files that are labeled 
incorrectly.  

Apache (httpd_d) usually can only read files labeled as httpd_sys_content_t.  
In your case, the files are labeled as "unconfined_t".

Usually you don't have this problem if you serve your pages from anywhere 
within the standard location (/var/www/html).  If you're serving from other 
non-standard location you must tell SELinux about it. For example, if you're 
using /srv/myweb

You'll need to register this location with:

semanage fcontext -a -t httpd_sys_content_t '/srv/myweb(/.*)?'

and then apply the labels:

restorecon -R /srv/myweb

HTH,
Jorge
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux