Re: SELinux avc: denied after upgrading phpBB

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2006-07-29 at 14:56 -0300, Clodoaldo Pinto wrote:
> FC5. After upgrading phpBB from 2.0.19 to 2.0.21 I get this message:
> 
> kernel: audit(1154193819.965:244): avc:  denied  { getattr } for
> pid=10862 comm="httpd" name="index.php" dev=sda1 ino=2553454
> scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:tmp_t:s0
> tclass=file
> 
> Why didn't I have it with the old version?

The old version was probably installed properly...

> I know there are booleans related to httpd:
> 
> # getsebool -a | grep httpd
> allow_httpd_anon_write --> off
> allow_httpd_mod_auth_pam --> off
> allow_httpd_sys_script_anon_write --> off
> httpd_builtin_scripting --> on
> httpd_can_network_connect --> off
> httpd_can_network_connect_db --> on
> httpd_can_network_relay --> off
> httpd_disable_trans --> off
> httpd_enable_cgi --> on
> httpd_enable_ftp_server --> off
> httpd_enable_homedirs --> on
> httpd_rotatelogs_disable_trans --> off
> httpd_ssi_exec --> on
> httpd_suexec_disable_trans --> off
> httpd_tty_comm --> off
> httpd_unified --> on
> 
> Which one, if any, can solve this problem?

None of them. The problem is that the file has the wrong context type,
probably due to having bee unpacked in /tmp and copied into your web
server area. You need to change the context type of the php files and
the directory they are in to httpd_sys_content_t.

Paul.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux