SELinux "allow httpd_t httpd_sys_content_t:dir write;"

Posted by alexus on Server Fault See other posts from Server Fault or by alexus
Published on 2014-06-12T23:27:43Z Indexed on 2014/06/13 3:27 UTC
Read the original article Hit count: 473

Filed under:

redhat

|

selinux

|

rhel7

I'm getting following message in my /var/log/audit/audit.log:

type=AVC msg=audit(1402615093.053:68): avc:  denied  { write } for  pid=799 comm="httpd" name="php" dev="xvda1" ino=8667365 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1402615093.053:68): arch=c000003e syscall=2 success=no exit=-13 a0=7f7a5ca697a8 a1=241 a2=1b6 a3=1 items=0 ppid=662 pid=799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

pipe audit2allow outputs:

#============= httpd_t ==============

#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_content_t:dir write;

How do I apply allow httpd_t httpd_sys_content_t:dir write; to my current SELinux policy?

© Server Fault or respective owner

Related posts about redhat

Invalid configuration `noarch-redhat-linux-gnu': machine `noarch-redhat' not recognized

as seen on Server Fault - Search for 'Server Fault'
When I try to build rpm from src rpm (Apache 2.4.1) I got this error: rpmbuild -tb httpd-2.4.1.tar.bz2 --ba httpd.spec + ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=noarch-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin… >>> More
`# probe: true` in /etc/rc.d/init.d/* files on a RedHat system

as seen on Server Fault - Search for 'Server Fault'
Some files (e.g. nfs, nfslock, bind) in my /etc/rc.d/init.d/ directory have in their comment header a line such as: # probe: true I found that those particular scripts has the probe verb i.e.: service nfs probe But this is due to the fact that the mentioned scripts has code that deals with the… >>> More
Redhat Software RAID 1 not syncing

as seen on Server Fault - Search for 'Server Fault'
Hey guys, I setup a software RAID 1 on a Redhat server, everything went sweet and it synced the first time. The other day the raid failedover for some reason and the disks hadn't been syncing since that first time, so it went back to 2 weeks ago when we did the first sync. We got the system back… >>> More
Failed to start X server. REDHAT LINUX 5.3

as seen on Super User - Search for 'Super User'
I installed Red-hat 5.3 problem is that it is not showing graphical interface. only kernel / command prompt is available. I tried startx, then I got this msg No video BIOS modes for chosen depth also showing that ERROR: Failed to start X server. What should I do? >>> More
Problems installing Memcache (PECL extension)

as seen on Server Fault - Search for 'Server Fault'
I have installed memcached fine, and now I will need to install PECL extension memcache. Im running RedHat x86_64 es5. The installation gives me this: downloading memcache-2.2.6.tgz ... Starting to download memcache-2.2.6.tgz (35,957 bytes) ..........done: 35,957 bytes 11 source files, building running:… >>> More

Related posts about selinux

AD GIT SELinux RHEL 6 : Can not get SELinux to allow connetion to git

as seen on Server Fault - Search for 'Server Fault'
I have a problem with SELinux! I have installed git on Red Hat Enterprise 6 with AD group control and SSL Cert . Everything works fine if I do setenforce 0 ( set SELinux in detection only mode ) or if I do semanage permissive -a httpd_t (Set httpd_t in detection only mode) I do not want to use… >>> More
How do I enable SELinux when booting a ramdisk from a CD/DVD?

as seen on Server Fault - Search for 'Server Fault'
I have a bootable DVD which boots the same Kernel as the Hard Drive (which uses SELinux). I have copied /etc/selinux and all kernel modules to my ramdisk, and have tried various combinations of selinux=1 and selinux 1 with enforcing 1 and enforcing 0. as Kernel boot parameters. All files contained… >>> More
How do I enable SELinux when booting from a CD/DVD?

as seen on Server Fault - Search for 'Server Fault'
I have a bootable DVD which boots the same Kernel as the Hard Drive (which uses SELinux). I have copied /etc/selinux and all the kernel modules to my ramdisk, and have tried both selinux=1 and selinux 1 as Kernel boot parameters. After the system boots, I check dmesg: % dmesg | grep -i selinux Kernel… >>> More
How does SELinux affect the /home directory?

as seen on Server Fault - Search for 'Server Fault'
Hi everyone. I'm migrating a CentOS 5.3 system from MySQL to PostgreSQL. The way our machine is set up is that the biggest disk partition is mounted to /home. This is out of my control and is managed by the hosting provider. Anyway, we obviously want the database files to be on /home for this… >>> More
Question regarding the SELinux type enforcement file

as seen on Server Fault - Search for 'Server Fault'
In my SElinux te file, I define two new types called voice_t and data_t which certain directories will be classified in the fc file (/data/ will be of type data_t and /voice/ will be of type voice_t). I would like the one SELinux policy to be used for all servers in my network, but, some servers… >>> More