search for: httpd_sys_content_t

Hi, I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it instead of Apache on some servers. Apache works more or less out of the box with SELinux. My websites are all stored under /var/www, and ls -Z shows me that all files created under /var/www are correctly labeled httpd_sys_content_t. On my sandbox server I don't have Apache (httpd) installed, only Nginx (the nginx package from EPEL). I manually created the /var/www directory and put a handful of static websites in there to play around with. Curiously enough, I got a SELinux alert. I took a peek in /var/www, and here...

...rom. According to this doc: http://www.centos.org/docs/5/html/5.1/Deployment_Guide/rhlcommon-section-0097.html I should be able to mount it with a context that will allow apache to access it. But when I try the command they suggest: [root at vm-37:~] mount -t nfs -o \ context=system_u:object_r:httpd_sys_content_t \ 192.168.1.100:/data/test /mnt/test It mounts, but when I do: [root at vm-37:~]# ls -lZ /mnt drwxr-xr-x 65534 65534 system_u:object_r:nfs_t test It doesn't show the correct context. (I don't know if it matters that I don't have a user with UID 65534, only the remote NFS server h...

...d pick up an additional entry in the audit file : type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0" ino=537182029 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file Unfortunately, I am not sure how the above tells me what is wrong. Greg -----Original Message-----From: Clint Dilks <clintd at scms.waikato.ac.nz> Reply-to: CentOS mailing list <centos at centos.org> To: CentOS mailing list <centos at centos.org> Subject: Re: [Ce...

...le php app working that writes some info to a text file. The app will only work correctly if SELinux is disabled. If it's enabled and try to use the app, it fails. It seems that SELinux is denying the app ability to write to the text file. So I tried running the following command: chcon -R -t httpd_sys_content_t /var/www And tried veriying the command with the following: ls -RZ /var/www And everything seems to be in order. For example I see: -rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 vieworders.php But the app stil won't function correctly unless SELinux is set to off. What...

Hello everyone, If create a folder called "whatever" under /var, the context is: root:object_r:var_t /var/whatever/ That's expected as it is under /var. If I then change its type: chcont -t httpd_sys_content_t /var/whatever The context looks like: root:object_r:httpd_sys_content_t /var/whatever/ My question is...Shouldn't a relabeling of the filesystem change the type of this directory back to var_t? I just performed a relabel (/.autorelabel) and the directory stayed with httpd_sys_content_t....

...c is not writable.* *Please make it writable.* *If you are using SELinux or AppArmor, you might need to adjust their setup to allow write access.* This goes away with 'setenforce 0', so it is an SELinux issue. I have tried both: restorecon -Rv /usr/share/postfixadmin and chcon -R -t httpd_sys_content_t /usr/share/postfixadmin and they are not the problem. Googling this message doe snot produce any SELinux advice. Any ideas? thanks

...ght need to adjust their >> setup to allow write access.* >> >> >> This goes away with 'setenforce 0', so it is an SELinux issue. I have >> tried both: >> >> restorecon -Rv /usr/share/postfixadmin >> >> and >> >> chcon -R -t httpd_sys_content_t /usr/share/postfixadmin >> >> and they are not the problem. Googling this message doe snot produce >> any SELinux advice. >> >> Any ideas? >> >> thanks >> >> _______________________________________________ >> CentOS mailing list >>...

...ing it's something about the parent path that SELinux doesn't like, but I don't know where that's handled. My partition is mounted to /mnt/bigdisk2, and I put the app in the wbb3tmp subdirectory there: [root at centos wbb3-tmp]# ls -Za drwxr-xr-x apache apache system_u:object_r:httpd_sys_content_t . drwxr-xr-x root root system_u:object_r:file_t .. -rw-r--r-- apache apache system_u:object_r:httpd_sys_content_t WCFSetup.tar.gz -rw-r--r-- apache apache system_u:object_r:httpd_sys_content_t index.html -rw-r--r-- apache apache system_u:object_r:httpd_sys_content_t install.php -rw...

...t; app will only work correctly if SELinux is disabled. If it's enabled and > > try to use the app, it fails. It seems that SELinux is denying the app > > ability to write to the text file. > > > > So I tried running the following command: > > > > chcon -R -t httpd_sys_content_t /var/www > > > > And tried veriying the command with the following: > > > > ls -RZ /var/www > > > > And everything seems to be in order. For example I see: > > > > -rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 > > vieworders...

...ories that SELinux policy can not predict. These directories have to be labeled with a file context which httpd can accesss. Allowing Access If you want to change the file context of trac-rewrite.log so that the httpd daemon can access it, you need to execute it using chcon -t httpd_sys_content_t.trac-rewrite.log. You can look at the httpd_selinux man page for additional information. Additional Information Source Context user_u:system_r:httpd_t Target Context system_u:object_r:etc_t Target Objects trac-rewrite.log [ dir ] Affected RPM Pack...

...is disabled. If it's enabled and >>>> try to use the app, it fails. It seems that SELinux is denying the app >>>> ability to write to the text file. >>>> >>>> So I tried running the following command: >>>> >>>> chcon -R -t httpd_sys_content_t /var/www >>>> >>>> And tried veriying the command with the following: >>>> >>>> ls -RZ /var/www >>>> >>>> And everything seems to be in order. For example I see: >>>> >>>> -rw-r--r--. apache apache syste...

...x prevents the access from the apache httpd server to the needed /var/nagios files. The error manifests itself in the /var/log/messages as "SELinux is preventing the tac.cgi from using potentially mislabeled files ./status.dat (var_t)". A workaround is to execute the command: chcon -R httpd_sys_content_t /var/nagios Please grant me access Regards Martin Boel

I am running xapian and omega on a Centos 6.4 SELinux enabled box. When I do a search I get the following message: Exception: Couldn't read format template `query' (Permission denied) If I disable SELinux the search executes correctly. I have enabled the httpd_enable_cgi boolean but that still does not allow the permissions needed. What else do I need to configure in SELinux for xapian

http://wiki.centos.org/HowTos/SELinux says: "Access is only allowed between similar types, so Apache running as httpd_t can read /var/www/html/index.html of type httpd_sys_content_t." however the doc doesn't define what "similar types" means. I assumed it just meant "beginning with the same prefix". However that can't be right because on my system with SELinux turned on, httpd runs as type init_t: [root at peacefire04 - /root # ps awuxZ...

...hat nothing at all shows up in my /var/log/messages file describing why SELinux is stopping this connection. If I run my script with the CLI php binary, it connects to the remote server fine, just not when executed via httpd. I tried running the following on my PHP script: chcon -u system_u -t httpd_sys_content_t test.php But still I cannot complete a connection until I put SELinux back in Permissive mode. Any tips? Why isn't SELinux sending a message to the logs (it does for other SElinux issues just fine)? TIA, Ray

...ermission denied: access to /hobbit denied I've tried a number of things and am still getting this: 1) /hobbit is located in /home/hobbit/server/www 2) Made sure all files are in the apache group 3) I've even chcon the files to httpd_sys_content_t Does CentOs 4.3 have SELinux enabled as shipped? (I'm not producing any files in /var/log/audit) (How do you tell if it's active?) Frank M. Ramaekers Jr. <mailto:FRamaekers at AILife.com> Systems Programmer; MCP, MCP+I, MCSE & RHCE American Income Life Insurance Compa...

...ost+found &#9492;&#9472;&#9472; pgpass -> .pgpass The questions I have are: What is an appropriate SELinux context for such a directory structure given it is used by a httpd service? Is the default user home setting of system_u:object_r:home_root_t acceptable? Is system_u:object_r:httpd_sys_content_t preferable instead? is some other SELinux context preferred for RoR web applications using Apache with mod-passenger? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne...

...e not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! semodule -r git semodule -r apache libsepol.print_missing_requirements: gpg's global requirements were not met: type/attribute httpd_sys_content_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! semodule -r gpg semodule -r apache libsepol.print_missing_requirements: mediawiki's global requirements were not met: type/attribute httpd_t (No such file or di...

...me info to a text file. The > app will only work correctly if SELinux is disabled. If it's enabled and > try to use the app, it fails. It seems that SELinux is denying the app > ability to write to the text file. > > So I tried running the following command: > > chcon -R -t httpd_sys_content_t /var/www > > And tried veriying the command with the following: > > ls -RZ /var/www > > And everything seems to be in order. For example I see: > > -rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t:s0 > vieworders.php > > But the app stil won't fun...

...ork correctly if SELinux is disabled. If it's enabled and >>> try to use the app, it fails. It seems that SELinux is denying the app >>> ability to write to the text file. >>> >>> So I tried running the following command: >>> >>> chcon -R -t httpd_sys_content_t /var/www >>> >>> And tried veriying the command with the following: >>> >>> ls -RZ /var/www >>> >>> And everything seems to be in order. For example I see: >>> >>> -rw-r--r--. apache apache system_u:object_r:httpd_sys_content_t...