[CentOS] Help with httpd userdir recovery
Gordon Messmer
gordon.messmer at gmail.com
Fri Dec 30 06:08:21 UTC 2016
> type=AVC msg=audit(1482944350.289:339): avc: denied { read } for pid=2141 comm="httpd" name="family" dev="sda3" ino=262199 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir permissive=0
I ran into the same problem, I think. I ran "audit2why" and passed in
the AVC. It suggested a pair of booleans I've never seen before.
# audit2why
type=AVC msg=audit(1483077583.703:1539671): avc: denied { read } for
pid=11162 comm="httpd" name="courier-pythonfilter" dev="dm-0"
ino=533228 scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir
Was caused by:
One of the following booleans was set incorrectly.
Description:
Allow httpd to read user content
Allow access by executing:
# setsebool -P httpd_read_user_content 1
Description:
Allow httpd to unified
Allow access by executing:
# setsebool -P httpd_unified 1
# setsebool -P httpd_read_user_content 1
... and setting one of them fixed the problem.
I don't see a bug filed for this. Can anyone else confirm that
httpd_enable_homedirs doesn't work as it did before 7.3? I suspect
it's not widely used and the bug may not have been noticed yet.
More information about the CentOS
mailing list