On Sat, 2006-07-29 at 14:56 -0300, Clodoaldo Pinto wrote:
> FC5. After upgrading phpBB from 2.0.19 to 2.0.21 I get this message:
>
> kernel: audit(1154193819.965:244): avc: denied { getattr } for
> pid=10862 comm="httpd" name="index.php" dev=sda1 ino=2553454
> scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:tmp_t:s0
> tclass=file
>
> Why didn't I have it with the old version?
The old version was probably installed properly...
> I know there are booleans related to httpd:
>
> # getsebool -a | grep httpd
> allow_httpd_anon_write --> off
> allow_httpd_mod_auth_pam --> off
> allow_httpd_sys_script_anon_write --> off
> httpd_builtin_scripting --> on
> httpd_can_network_connect --> off
> httpd_can_network_connect_db --> on
> httpd_can_network_relay --> off
> httpd_disable_trans --> off
> httpd_enable_cgi --> on
> httpd_enable_ftp_server --> off
> httpd_enable_homedirs --> on
> httpd_rotatelogs_disable_trans --> off
> httpd_ssi_exec --> on
> httpd_suexec_disable_trans --> off
> httpd_tty_comm --> off
> httpd_unified --> on
>
> Which one, if any, can solve this problem?
None of them. The problem is that the file has the wrong context type,
probably due to having bee unpacked in /tmp and copied into your web
server area. You need to change the context type of the php files and
the directory they are in to httpd_sys_content_t.
Paul.
