I don't know what's wrong off the top of my head, but check: /var/log/messages It'll have an entry detailing exactly what context failed to do what to what other context. Then you can either tweak the contexts (check the entire path e.g. /home and /home/httpd), or use "audit2allow -l -i /var/log/messages" to get some (possibly over-broad) policy statement which you can add to your policy Craig Miskell > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Bill Tangren > Sent: Thursday, 22 February 2007 5:07 a.m. > To: redhat-list@xxxxxxxxxx > Subject: php apache SELinux problem > > I have a web page that calls a file, default.php. The web > page works fine on a > server with SELinux turned off, but not on one with enforcing > turned on. The > errors in the logs are like this: > > [client 10.x.x.x] PHP Warning: main(php/defaults.php): > failed to open stream: > Permission denied in /home/httpd/index.php on line 3 > [client 10.x.x.x] PHP Warning: main(): Failed opening > 'php/defaults.php' for > inclusion (include_path='.:/usr/share/pear') in > /home/httpd/index.php on line 3 > > The permissions on the files are: > > -rw-rw-r-- 1 apache apache 8299 Feb 21 10:19 php/defaults.php > -rw-rw-r-- 1 apache apache 4617 Feb 21 10:31 index.php > > The SELinux settings are: > > -rw-rw-r-- apache apache > system_u:object_r:httpd_sys_content_t php/defaults.php > -rw-rw-r-- apache apache > system_u:object_r:httpd_sys_content_t index.php > > The first three lines of index.php looks like this: > > <?php > $relative_path_to_php = "php/"; //*relative* path from > *this* page to php > directory > include($relative_path_to_php."defaults.php"); > > > Any thoughts on why I'm having this problem? > > Bill > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > ======================================================================= Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. ======================================================================= -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
