On 02/03/2017 09:05 AM, Gordan Bobic wrote: > On Fri, Feb 3, 2017 at 1:58 PM, Robert Moskowitz <rgm at htt-consult.com > <mailto:rgm at htt-consult.com>> wrote: > > Gordon, > > One would think that, but there is something off with at least the > CubieTruck build. I will check that all those rpms are installed > (pretty sure they are), but when I set up a web server with > personal directories, i got permission errors on listing the > files, but no problem displaying individual files. Plus there are > all these SELinux warnings I am getting that seem to indicate > something is amiss. > > I am reaching the point of focusing on Fedora server for now. I > had hopes of pushing Centos7-arm in a couple of business venues. > > > > > Are you certain it is an SELinux problem, and if so, are parent > directory labels correct? > The symptoms you are describing seem more typically indicative of an > Apache configuration problem. > Do tail -f on /var/log/audit/audit.log and see what appears there. If > there is a SELinux violation, it will show up in there. OK. Here goes. I attached my web server drive to my CubieTruck; I had left this drive all ready to go into production. SELinux enforced and all that. When I started up the tail, a bunch of messages were sent to the console. I then attempted to access one of my directories: http://medon.htt-consult.com/~rgm/cubieboard/ Note, that this is a public server, and you too could try this. For as long as I have the server running on this address. I got: Forbidden You don't have permission to access /~rgm/cubieboard/ on this server. and all of the tail messages are: # tail -f on /var/log/audit/audit.log tail: cannot open 'on' for reading: No such file or directory ==> /var/log/audit/audit.log <== type=SERVICE_STOP msg=audit(69.095:94): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-readahead-done comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=USER_ACCT msg=audit(1486134062.358:95): pid=1760 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRED_ACQ msg=audit(1486134062.363:96): pid=1760 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=LOGIN msg=audit(1486134062.363:97): pid=1760 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 old-ses=4294967295 ses=2 res=1 type=USER_START msg=audit(1486134062.513:98): pid=1760 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRED_REFR msg=audit(1486134062.528:99): pid=1760 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRED_DISP msg=audit(1486134062.773:100): pid=1760 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=USER_END msg=audit(1486134062.783:101): pid=1760 uid=0 auid=0 ses=2 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=SERVICE_START msg=audit(1486134482.523:102): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-clean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=SERVICE_STOP msg=audit(1486134482.528:103): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-tmpfiles-clean comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' type=AVC msg=audit(1486137172.395:104): avc: denied { read } for pid=1866 comm="httpd" name="cubieboard" dev="sda3" ino=262190 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1486137172.395:104): arch=40000028 syscall=322 per=800000 success=no exit=-13 a0=ffffff9c a1=7f844440 a2=a4800 a3=0 items=0 ppid=624 pid=1866 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=PROCTITLE msg=audit(1486137172.395:104): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44 I know from earlier testing, if I interactively change SELinux to permissive, the directory display works. So what is next to try? Bob -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/arm-dev/attachments/20170203/2a15fe22/attachment-0006.html>