It is
/var/www/html/ow_plugins/ow_userfiles/plugins/base/attachment/temp_5be3f85348052_5be3f85347985.docx
/var/www/html/ow_plugins/ow_userfiles/plugins/base/attachment/temp_5be3f85348052_5be3f85347985.docx
I also get this message while uploading a plugin file (zip file)
SELinux is preventing /usr/sbin/httpd from setattr access on the file /var/www/html/ow_pluginfiles/base/lang_3.php.
***** Plugin restorecon (99.5 confidence) suggests ************************
If you want to fix the label.
/var/www/html/ow_pluginfiles/base/lang_3.php default label should be httpd_sys_content_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /var/www/html/ow_pluginfiles/base/lang_3.php
***** Plugin catchall (1.49 confidence) suggests **************************
If you believe that httpd should be allowed setattr access on the lang_3.php file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -i my-httpd.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:user_home_t:s0
Target Objects /var/www/html/ow_pluginfiles/base/lang_3.php [
file ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages httpd-2.4.6-80.el7.centos.1.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name sn.scu.ac.ir
Platform Linux sn.scu.ac.ir 3.10.0-862.11.6.el7.x86_64 #1
SMP Tue Aug 14 21:49:04 UTC 2018 x86_64 x86_64
Alert Count 4
First Seen 2018-11-08 12:47:44 +0330
Last Seen 2018-11-08 12:47:45 +0330
Local ID 3abcf430-043b-4d78-ba62-91c14416a2d5
Raw Audit Messages
type=AVC msg=audit(1541668665.173:28113): avc: denied { setattr } for pid=24134 comm="httpd" name="lang_3.php" dev="dm-0" ino=2316067 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1541668665.173:28113): arch=x86_64 syscall=chmod success=no exit=EACCES a0=7f1040ea3478 a1=1b6 a2=7f10599c8300 a3=7f105999a550 items=0 ppid=13555 pid=24134 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
Hash: httpd,httpd_t,user_home_t,file,setattr
***** Plugin restorecon (99.5 confidence) suggests ************************
If you want to fix the label.
/var/www/html/ow_pluginfiles/base/lang_3.php default label should be httpd_sys_content_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /var/www/html/ow_pluginfiles/base/lang_3.php
***** Plugin catchall (1.49 confidence) suggests **************************
If you believe that httpd should be allowed setattr access on the lang_3.php file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -i my-httpd.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:user_home_t:s0
Target Objects /var/www/html/ow_pluginfiles/base/lang_3.php [
file ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages httpd-2.4.6-80.el7.centos.1.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name sn.scu.ac.ir
Platform Linux sn.scu.ac.ir 3.10.0-862.11.6.el7.x86_64 #1
SMP Tue Aug 14 21:49:04 UTC 2018 x86_64 x86_64
Alert Count 4
First Seen 2018-11-08 12:47:44 +0330
Last Seen 2018-11-08 12:47:45 +0330
Local ID 3abcf430-043b-4d78-ba62-91c14416a2d5
Raw Audit Messages
type=AVC msg=audit(1541668665.173:28113): avc: denied { setattr } for pid=24134 comm="httpd" name="lang_3.php" dev="dm-0" ino=2316067 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1541668665.173:28113): arch=x86_64 syscall=chmod success=no exit=EACCES a0=7f1040ea3478 a1=1b6 a2=7f10599c8300 a3=7f105999a550 items=0 ppid=13555 pid=24134 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
Hash: httpd,httpd_t,user_home_t,file,setattr
Problem occurred after an unexpected shutdown of the server!
Regards,
Mahmood
Mahmood
On Thursday, November 8, 2018, 12:53:42 PM GMT+3:30, Thomas Mueller <thomas@xxxxxxxxxxxxxx> wrote:
I don't think autid2allow produces a good solution for this
problem.
what is the full path to the file apache fails to write?
- Thomas
what is the full path to the file apache fails to write?
- Thomas
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
