On 02/21/2017 12:06 PM, Daniel J Walsh wrote: > > On 02/21/2017 11:52 AM, Robert Moskowitz wrote: >> >> On 02/21/2017 11:46 AM, Zdenek Sedlak wrote: >>> On 2017-02-21 17:30, Robert Moskowitz wrote: >>>> postfixadmin setup.php is claiming: >>>> >>>> *Error: Smarty template compile directory templates_c is not writable.* >>>> *Please make it writable.* >>>> *If you are using SELinux or AppArmor, you might need to adjust their >>>> setup to allow write access.* >>>> >>>> >>>> This goes away with 'setenforce 0', so it is an SELinux issue. I have >>>> tried both: >>>> >>>> restorecon -Rv /usr/share/postfixadmin >>>> >>>> and >>>> >>>> chcon -R -t httpd_sys_content_t /usr/share/postfixadmin >>>> >>>> and they are not the problem. Googling this message doe snot produce >>>> any SELinux advice. >>>> >>>> Any ideas? >>>> >>>> thanks >>>> >>>> _______________________________________________ >>>> CentOS mailing list >>>> CentOS at centos.org >>>> https://lists.centos.org/mailman/listinfo/centos >>> Hi, >>> >>> after 'setenforce 0' check the /var/log/audit/audit.log: >>> >>> # grep /var/log/audit/audit.log | audit2why >> Don't I need a search string in that grep command? >> >>> to see where the problem could be. >> Anyway the last three entries are: >> >> type=AVC msg=audit(1487695678.704:128): avc: denied { write } for >> pid=2055 comm="httpd" name="templates_c" dev="sda3" ino=786958 >> scontext=system_u:system_r:httpd_t:s0 >> tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir >> permissive=1 >> > If you want to allow apache processes to write to the templates_c > directory you need to label it httpd_sys_content_rw_t. Thanks! I undid the httpd_unified with: setsebool -P httpd_unified 0 Then did chcon -R -t httpd_sys_content_rw_t /usr/share/postfixadmin/templates_c And SELinux appears to be happy. >> type=SYSCALL msg=audit(1487695678.704:128): arch=40000028 syscall=33 >> per=800000 success=yes exit=0 a0=813c3ed0 a1=2 a2=0 a3=0 items=0 >> ppid=2053 pid=2055 auid=4294967295 uid=48 gid=48 euid=48 suid=48 >> fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 >> comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 >> key=(null) >> >> type=PROCTITLE msg=audit(1487695678.704:128): >> proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44 >> >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >