<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">On 02/03/2017 11:07 AM, Gordan Bobic
wrote:<br>
</div>
<blockquote
cite="mid:CAMx4oe3wB3zve_e3rfUGmbuh-u_4962NckNGTTX6+CK=ygRSpg@mail.gmail.com"
type="cite">
<div dir="ltr">Have you done:<br>
# setsebool -P httpd_enable_homedirs true<br>
?<br>
</div>
</blockquote>
<br>
Yes. That is in my notes to do.<br>
<br>
<blockquote
cite="mid:CAMx4oe3wB3zve_e3rfUGmbuh-u_4962NckNGTTX6+CK=ygRSpg@mail.gmail.com"
type="cite">
<div dir="ltr">You may also need to do the following on each
user's http exposed folder:<br>
# chcon -R -t httpd_sys_content_t ~&lt;username&gt;/public_html<i><br>
</i></div>
</blockquote>
<br>
No. I did:<br>
<br>
restorecon -Rv /home<br>
<br>
I am getting the same behavior with Fedora 25 Server image, so this
is either something really wrong with SELinux on the Cubie, or
something has changed....<br>
<br>
I just tried this and it now WORKS!!!! Thanks, Gordan. This is NOT
in anything I have read on userdir and Apache 2.4.<br>
<br>
ARGH!!!!<br>
<br>
<blockquote
cite="mid:CAMx4oe3wB3zve_e3rfUGmbuh-u_4962NckNGTTX6+CK=ygRSpg@mail.gmail.com"
type="cite">
<div dir="ltr"><i><br>
<br>
</i></div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Feb 3, 2017 at 3:59 PM, Robert
Moskowitz <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:rgm@htt-consult.com" target="_blank">rgm@htt-consult.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <br>
<br>
<div class="m_-7241014322650952235moz-cite-prefix">On
02/03/2017 09:05 AM, Gordan Bobic wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">On Fri, Feb 3, 2017 at 1:58 PM, Robert
Moskowitz <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:rgm@htt-consult.com" target="_blank">rgm@htt-consult.com</a>&gt;</span>
wrote:<br>
<div class="gmail_quote">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px
#ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Gordan,<br>
<br>
One would think that, but there is
something off with at least the CubieTruck
build. I will check that all those rpms
are installed (pretty sure they are), but
when I set up a web server with personal
directories, I got permission errors on
listing the files, but no problem
displaying individual files. Plus there
are all these SELinux warnings I am
getting that seem to indicate something is
amiss.<br>
<br>
I am reaching the point of focusing on
Fedora server for now. I had hopes of
pushing Centos7-arm in a couple of
business venues.<br>
</div>
</blockquote>
<div><br>
<br>
<br>
</div>
<div>Are you certain it is an SELinux problem,
and if so, are parent directory labels
correct?<br>
The symptoms you are describing seem more
typically indicative of an Apache
configuration problem.<br>
Do tail -f on /var/log/audit/audit.log and
see what appears there. If there is a
SELinux violation, it will show up in there.<br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
OK. Here goes. I attached my web server drive to my
CubieTruck; I had left this drive all ready to go into
production. SELinux enforced and all that. When I
started up the tail, a bunch of messages were sent to the
console. I then attempted to access one of my
directories: <br>
<br>
<a moz-do-not-send="true"
class="m_-7241014322650952235moz-txt-link-freetext"
href="http://medon.htt-consult.com/%7Ergm/cubieboard/"
target="_blank">http://medon.htt-consult.com/~<wbr>rgm/cubieboard/</a><br>
<br>
Note that this is a public server, and you too could try
this, for as long as I have the server running on this
address.<br>
<br>
I got:<br>
<br>
Forbidden<br>
<br>
You don't have permission to access /~rgm/cubieboard/ on
this server.<br>
<br>
and all of the tail messages are:<br>
<br>
# tail -f on /var/log/audit/audit.log<br>
tail: cannot open 'on' for reading: No such file or
directory<br>
==&gt; /var/log/audit/audit.log &lt;==<br>
type=SERVICE_STOP msg=audit(69.095:94): pid=1 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:init_t:<wbr>s0
msg='unit=systemd-readahead-<wbr>done comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=?
terminal=? res=success'<br>
type=USER_ACCT msg=audit(1486134062.358:95): pid=1760
uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:crond_<wbr>t:s0-s0:c0.c1023
msg='op=PAM:accounting grantors=pam_access,pam_unix
acct="root" exe="/usr/sbin/crond" hostname=? addr=?
terminal=cron res=success'<br>
type=CRED_ACQ msg=audit(1486134062.363:96): pid=1760 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:crond_<wbr>t:s0-s0:c0.c1023
msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root"
exe="/usr/sbin/crond" hostname=? addr=? terminal=cron
res=success'<br>
type=LOGIN msg=audit(1486134062.363:97): pid=1760 uid=0
subj=system_u:system_r:crond_<wbr>t:s0-s0:c0.c1023
old-auid=4294967295 auid=0 old-ses=4294967295 ses=2 res=1<br>
type=USER_START msg=audit(1486134062.513:98): pid=1760
uid=0 auid=0 ses=2 subj=system_u:system_r:crond_<wbr>t:s0-s0:c0.c1023
msg='op=PAM:session_open grantors=pam_loginuid,pam_<wbr>keyinit,pam_limits,pam_systemd
acct="root" exe="/usr/sbin/crond" hostname=? addr=?
terminal=cron res=success'<br>
type=CRED_REFR msg=audit(1486134062.528:99): pid=1760
uid=0 auid=0 ses=2 subj=system_u:system_r:crond_<wbr>t:s0-s0:c0.c1023
msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root"
exe="/usr/sbin/crond" hostname=? addr=? terminal=cron
res=success'<br>
type=CRED_DISP msg=audit(1486134062.773:100): pid=1760
uid=0 auid=0 ses=2 subj=system_u:system_r:crond_<wbr>t:s0-s0:c0.c1023
msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root"
exe="/usr/sbin/crond" hostname=? addr=? terminal=cron
res=success'<br>
type=USER_END msg=audit(1486134062.783:101): pid=1760
uid=0 auid=0 ses=2 subj=system_u:system_r:crond_<wbr>t:s0-s0:c0.c1023
msg='op=PAM:session_close grantors=pam_loginuid,pam_<wbr>keyinit,pam_limits,pam_systemd
acct="root" exe="/usr/sbin/crond" hostname=? addr=?
terminal=cron res=success'<br>
type=SERVICE_START msg=audit(1486134482.523:102): pid=1
uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:init_t:<wbr>s0
msg='unit=systemd-tmpfiles-<wbr>clean comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=?
terminal=? res=success'<br>
type=SERVICE_STOP msg=audit(1486134482.528:103): pid=1
uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:init_t:<wbr>s0
msg='unit=systemd-tmpfiles-<wbr>clean comm="systemd"
exe="/usr/lib/systemd/systemd" hostname=? addr=?
terminal=? res=success'<br>
type=AVC msg=audit(1486137172.395:104): avc: denied {
read } for pid=1866 comm="httpd" name="cubieboard"
dev="sda3" ino=262190 scontext=system_u:system_r:<wbr>httpd_t:s0
tcontext=unconfined_u:object_<wbr>r:httpd_user_content_t:s0
tclass=dir permissive=0<br>
type=SYSCALL msg=audit(1486137172.395:104): arch=40000028
syscall=322 per=800000 success=no exit=-13 a0=ffffff9c
a1=7f844440 a2=a4800 a3=0 items=0 ppid=624 pid=1866
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48
egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295
comm="httpd" exe="/usr/sbin/httpd"
subj=system_u:system_r:httpd_<wbr>t:s0 key=(null)<br>
type=PROCTITLE msg=audit(1486137172.395:104): proctitle=<wbr>2F7573722F7362696E2F6874747064<wbr>002D44464F524547524F554E44<br>
<br>
<br>
I know from earlier testing, if I interactively change
SELinux to permissive, the directory display works.<br>
<br>
So what is next to try?<br>
<br>
Bob<br>
<br>
</div>
<br>
______________________________<wbr>_________________<br>
Arm-dev mailing list<br>
<a moz-do-not-send="true" href="mailto:Arm-dev@centos.org">Arm-dev@centos.org</a><br>
<a moz-do-not-send="true"
href="https://lists.centos.org/mailman/listinfo/arm-dev"
rel="noreferrer" target="_blank">https://lists.centos.org/<wbr>mailman/listinfo/arm-dev</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Arm-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Arm-dev@centos.org">Arm-dev@centos.org</a>
<a class="moz-txt-link-freetext" href="https://lists.centos.org/mailman/listinfo/arm-dev">https://lists.centos.org/mailman/listinfo/arm-dev</a>
</pre>
</blockquote>
<br>
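Added example, not part of the original messages: a shell filter that picks the AVC denial out of the surrounding audit records in the log quoted above and prints the process, permission, object class, file name, and the source and target SELinux types. The function names avc_summary and sample_log are hypothetical, and the sample input is three records shortened from the log in the thread.<br>

```shell
#!/bin/sh
# Added example: list SELinux AVC denials found in audit.log text on stdin.
# Output per denial: comm|permission|tclass|name|source_type|target_type

avc_summary() {
    awk '
    # Return the value of key=... on the current record, quotes stripped.
    function field(key,    i, kv) {
        for (i = 1; i <= NF; i++) {
            if (index($i, key "=") == 1) {
                kv = substr($i, length(key) + 2)
                gsub(/"/, "", kv)
                return kv
            }
        }
        return ""
    }
    $1 == "type=AVC" && /denied/ {
        perm = $0
        sub(/.*denied[ ]*[{][ ]*/, "", perm)   # drop text up to "{"
        sub(/[ ]*[}].*/, "", perm)             # drop text from "}"
        split(field("scontext"), s, ":")       # user:role:type:level
        split(field("tcontext"), t, ":")
        printf "%s|%s|%s|%s|%s|%s\n", field("comm"), perm,
               field("tclass"), field("name"), s[3], t[3]
    }'
}

# Sample input: three records shortened from the log quoted in the thread.
sample_log() {
    cat <<'EOF'
type=USER_ACCT msg=audit(1486134062.358:95): pid=1760 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" res=success'
type=AVC msg=audit(1486137172.395:104): avc: denied { read } for pid=1866 comm="httpd" name="cubieboard" dev="sda3" ino=262190 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1486137172.395:104): arch=40000028 syscall=322 success=no exit=-13 uid=48 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
EOF
}

sample_log | avc_summary
```

On a live host, `ausearch -m avc -ts recent` selects the same kind of records directly from the audit log, and its output can be piped into the function.<br>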
</body>
</html>