search for: allow_httpd_anon_writ

Hi, On an internal webserver (latest C6) I want smb-access to /var/www/html/ In april I did chcon -R -t public_content_rw_t /var/www/html/ setsebool -P allow_smbd_anon_write 1 setsebool -P allow_httpd_anon_write 1 echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts After the latest round of updates (including selinux-policy.noarch 0:3.7.19-260.el6_6.1 and selinux-policy-targeted.noarch 0:3.7.19-260.el6_6.1) samb...

...;, 'httpd_builtin_scripting', 'allow_ftpd_full_access', 'default', 'allow_ftpd_use_nfs', 'samba_enable_home_dirs', 'restorecon', 'selinuxpolicy', 'pppd_can_insmod', 'allow_daemons_dump_core', 'httpd_write_content', 'allow_httpd_anon_write', 'secure_mode_insmod', 'kernel_modules', 'samba_export_all_ro', 'httpd_enable_ftp_server', 'allow_postfix_local_write_mail_spool', 'execute', 'privoxy_connect_any', 'use_nfs_home_dirs', 'allow_smbd_anon_write', 'sys_r...

On Wed, December 17, 2014 05:07, Patrick Bervoets wrote: > Hi, > > On an internal webserver (latest C6) I want smb-access to /var/www/html/ > In april I did > chcon -R -t public_content_rw_t /var/www/html/ > setsebool -P allow_smbd_anon_write 1 > setsebool -P allow_httpd_anon_write 1 > echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> > /etc/selinux/targeted/contexts/files/file_contexts > > After the latest round of updates (including selinux-policy.noarch > 0:3.7.19-260.el6_6.1 and selinux-policy-targeted.noarch 0:...

On 12/17/2014 05:07 AM, Patrick Bervoets wrote: > Hi, > > On an internal webserver (latest C6) I want smb-access to /var/www/html/ > In april I did > chcon -R -t public_content_rw_t /var/www/html/ > setsebool -P allow_smbd_anon_write 1 > setsebool -P allow_httpd_anon_write 1 > echo "/var/www/html/ -- > unconfined_u:object_r:public_content_rw_t:s0" >> > /etc/selinux/targeted/contexts/files/file_contexts > This is incorrect. # semanage fcontext -a -t public_content_rw_t '/var/www/html(/.*?)' # restorecon -R -v /var/www/html...

...root root 4096 Sep 29 15:59 /var/www/html # cat /var/www/html/.htaccess (installed by phpBB) <Files "config.php"> Order Allow,Deny Deny from All </Files> <Files "common.php"> Order Allow,Deny Deny from All </Files> # /usr/sbin/getsebool -a | grep http allow_httpd_anon_write --> off allow_httpd_bugzilla_script_anon_write --> off allow_httpd_cvs_script_anon_write --> off allow_httpd_mod_auth_pam --> off allow_httpd_nagios_script_anon_write --> off allow_httpd_prewikka_script_anon_write --> off allow_httpd_squid_script_anon_write --> off allow_httpd...

...Linux enforcing, but it at least has stopped the excessive amount of AVCs we were getting. John On 3 December 2014 at 10:01, Daniel J Walsh <dwalsh at redhat.com> wrote: > Looks like turning on three booleans will solve most of the problem. > > httpd_execmem, httpd_run_stickshift, allow_httpd_anon_write > > > On 12/03/2014 03:55 AM, John Beranek wrote: > > Mark: Labels look OK, restorecon has nothing to do, and: > > > > -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps > > > > dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc > &gt...

Looks like turning on three booleans will solve most of the problem. httpd_execmem, httpd_run_stickshift, allow_httpd_anon_write On 12/03/2014 03:55 AM, John Beranek wrote: > Mark: Labels look OK, restorecon has nothing to do, and: > > -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps > > dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc > > I'll send the audit log on to Da...

Mark: Labels look OK, restorecon has nothing to do, and: -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc I'll send the audit log on to Dan. Cheers, John On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com> wrote: > Could you send me a copy of your audit.log. > > You should not be