SELinux and HTTP Error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Anyone help me with this? I get this error every time httpd starts. This 
is still F12, but up to date.

The info isn't that helpful, as I don't have user directories enabled in 
httpd.conf anyway.

Thanks,
Richard


Summary:

SELinux is preventing /usr/sbin/httpd "search" access on /root/.local.

Detailed Description:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by httpd. The current boolean settings 
do not
allow this access. If you have not setup httpd to require this access 
this may
signal an intrusion attempt. If you do intend this access you need to 
change the
booleans on this system to allow the access.

Allowing Access:

Confined processes can be configured to run requiring different access, 
SELinux
provides booleans to allow you to turn on/off access as needed. The boolean
httpd_enable_homedirs is set incorrectly.
Boolean Description:
Allow httpd to read home directories


Fix Command:

# setsebool -P httpd_enable_homedirs 1

Additional Information:

Source Context                system_u:system_r:httpd_t:s0
Target Context                system_u:object_r:gconf_home_t:s0
Target Objects                /root/.local [ dir ]
Source                        httpd
Source Path                   /usr/sbin/httpd
Port <Unknown>
Host                          rghquad.bobjweil.com
Source RPM Packages           httpd-2.2.15-1.fc12.2
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-121.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Plugin Name                   catchall_boolean
Host Name                     rghquad.bobjweil.com
Platform                      Linux rghquad.bobjweil.com
                               2.6.32.21-166.fc12.x86_64 #1 SMP Fri Aug 27
                               06:07:37 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Sun 12 Sep 2010 07:45:13 AM EDT
Last Seen                     Sun 12 Sep 2010 07:45:13 AM EDT
Local ID                      a422f71e-92a5-4bff-b510-1280613e0b11
Line Numbers

Raw Audit Messages

node=rghquad.bobjweil.com type=AVC msg=audit(1284291913.888:7): avc:  
denied  { search } for  pid=1956 comm="httpd" name=".local" dev=sda5 
ino=794581 scontext=system_u:system_r:httpd_t:s0 
tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir

node=rghquad.bobjweil.com type=SYSCALL msg=audit(1284291913.888:7): 
arch=c000003e syscall=4 success=no exit=-2 a0=7f2cd52b9e20 
a1=7fffb5a5f7b0 a2=7fffb5a5f7b0 a3=6b6361702d657469 items=0 ppid=1 
pid=1956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" 
subj=system_u:system_r:httpd_t:s0 key=(null)



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux