Dear SELinux folks,

I am running Debian Squeeze with SELinux and Apache. In Apache I configured a secured section using `AuthType Basic` with `AuthUserFile /srv/site.htpasswd`. It works when the state of the system is permissive. When in enforcing state the following error is logged.

```
type=AVC msg=audit(1308090063.174:17742): avc: denied { getattr } for pid=1412 comm="apache2" path="/srv/www/www.example.net/foo/bar.tar.gz" dev=xvda ino=425775 scontext=unconfined_u:system_r:httpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1308090063.174:17742): arch=c000003e syscall=6 success=no exit=-13 a0=7f9da985eb38 a1=7fff8da1e6f0 a2=7fff8da1e6f0 a3=1 items=0 ppid=29237 pid=1412 auid=4294967295 uid=33 gid=33 euid=33 suid=33 fsuid=33 egid=33 sgid=33 fsgid=33 tty=(none) ses=4294967295 comm="apache2" exe="/usr/lib/apache2/mpm-prefork/apache2" subj=unconfined_u:system_r:httpd_t:s0-s0:c0.c1023 key=(null)
```

Is there a recommended location for these password files or a recommended way what policies to set?

Not being sure of the correct search term for this I found plenty of sites regarding SELinux and Apache but nothing related to my problem in the results. If you could point me to some specific documentation that would be great too.

Thanks,

Paul
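Added example, not part of the original message: a small Python parser for the AVC record quoted above. It splits the record into permission, source and target type, object class and path, and compares the denied path with the `AuthUserFile` path from the message. The function names `parse_avc` and `summarize` are hypothetical.

```python
import re

# Sample input: the AVC record quoted in the message above, copied unchanged.
AVC = ('type=AVC msg=audit(1308090063.174:17742): avc: denied { getattr } for '
       'pid=1412 comm="apache2" path="/srv/www/www.example.net/foo/bar.tar.gz" '
       'dev=xvda ino=425775 '
       'scontext=unconfined_u:system_r:httpd_t:s0-s0:c0.c1023 '
       'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file')

AUTH_USER_FILE = "/srv/site.htpasswd"  # from the Apache config in the message


def parse_avc(record):
    """Split one AVC record into result, permissions, fields and contexts."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)", record)
    if not m:
        raise ValueError("not an AVC record")
    # key=value pairs; values are either double-quoted or a run of non-spaces
    fields = {k: v.strip('"') for k, v in
              re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3))}
    out = {"result": m.group(1), "perms": m.group(2).split(), **fields}
    for key in ("scontext", "tcontext"):
        # user:role:type:level; the level may itself contain ':' (s0-s0:c0.c1023)
        user, role, type_, level = fields[key].split(":", 3)
        out[key] = {"user": user, "role": role, "type": type_, "level": level}
    return out


def summarize(record, expected_path):
    """Return a one-line reading and whether the denial is on expected_path."""
    a = parse_avc(record)
    line = "%s may not %s %s %s labelled %s" % (
        a["scontext"]["type"], ",".join(a["perms"]), a["tclass"],
        a["path"], a["tcontext"]["type"])
    return line, a["path"] == expected_path


if __name__ == "__main__":
    print(summarize(AVC, AUTH_USER_FILE))
```

For the quoted record the comparison is false: the logged denial is on a file under `/srv/www/www.example.net/` carrying the type `user_home_t`, not on `/srv/site.htpasswd`.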