SELinux "allow httpd_t httpd_sys_content_t:dir write;"

Posted by alexus on Server Fault See other posts from Server Fault or by alexus
Published on 2014-06-12T23:27:43Z Indexed on 2014/06/13 3:27 UTC
Read the original article Hit count: 478

Filed under:
|
|

I'm getting following message in my /var/log/audit/audit.log:

type=AVC msg=audit(1402615093.053:68): avc:  denied  { write } for  pid=799 comm="httpd" name="php" dev="xvda1" ino=8667365 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1402615093.053:68): arch=c000003e syscall=2 success=no exit=-13 a0=7f7a5ca697a8 a1=241 a2=1b6 a3=1 items=0 ppid=662 pid=799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

pipe audit2allow outputs:

#============= httpd_t ==============

#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_content_t:dir write;

How do I apply allow httpd_t httpd_sys_content_t:dir write; to my current SELinux policy?

© Server Fault or respective owner

Related posts about redhat

Related posts about selinux