Interesting, but I can't do anything until around the 9th.
On 12/30/2016 01:08 AM, Gordon Messmer wrote:
>> type=AVC msg=audit(1482944350.289:339): avc: denied { read } for pid=2141 comm="httpd" name="family" dev="sda3" ino=262199 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir permissive=0
> I ran into the same problem, I think. I ran "audit2why" and passed in
> the AVC. It suggested a pair of booleans I've never seen before.
>
> # audit2why
> type=AVC msg=audit(1483077583.703:1539671): avc: denied { read } for
> pid=11162 comm="httpd" name="courier-pythonfilter" dev="dm-0"
> ino=533228 scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir
>
> Was caused by:
> One of the following booleans was set incorrectly.
> Description:
> Allow httpd to read user content
>
> Allow access by executing:
> # setsebool -P httpd_read_user_content 1
> Description:
> Allow httpd to unified
>
> Allow access by executing:
> # setsebool -P httpd_unified 1
> # setsebool -P httpd_read_user_content 1
>
> ... and setting one of them fixed the problem.
>
> I don't see a bug filed for this. Can anyone else confirm that
> httpd_enable_homedirs doesn't work as it did before 7.3? I suspect
> it's not widely used and the bug may not have been noticed yet.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>