| Summary |
|
SELinux is preventing the httpd from using potentially mislabeled files (/home/user/public_html/index.html).
|
| Detailed Description |
| [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]
SELinux has denied httpd access to potentially
mislabeled file(s) (/home/user/public_html/index.html). This means that SELinux will not
allow httpd to use these files. It is common for users to edit
files in their home directory or tmp directories and then move
(mv) them to system directories. The problem is that the files
end up with the wrong file context which confined applications are not allowed to access.
|
| Allowing Access |
|
If you want httpd to access this files, you need to
relabel them using restorecon -v '/home/user/public_html/index.html'. You might want to
relabel the entire directory using restorecon -R -v '/home/user/public_html'.
|
| Additional Information |
|
| Source Context: | root:system_r:httpd_t |
| Target Context: | root:object_r:user_home_t |
| Target Objects: | /home/user/public_html/index.html [ file ] |
| Source: | httpd |
| Source Path: | /usr/sbin/httpd |
| Port: | <Unknown> |
| Host: | <Unknown> |
| Source RPM Packages: | httpd-2.2.3-65.el5.centos.3 |
| Target RPM Packages: | |
| Policy RPM: | selinux-policy-2.4.6-327.el5 |
| Selinux Enabled: | True |
| Policy Type: | targeted |
| MLS Enabled: | True |
| Enforcing Mode: | Permissive |
| Plugin Name: | home_tmp_bad_labels |
| Host Name: | localhost.localdomain |
| Platform: | Linux localhost.localdomain 2.6.18-308.24.1.el5 #1 SMP Tue Dec 4 17:43:34 EST 2012 x86_64 x86_64 |
| Alert Count: | 20 |
| First Seen: | Fri Dec 11 00:42:32 2020 |
| Last Seen: | Fri Dec 11 00:48:14 2020 |
| Local ID: | b30cf3d3-5a73-49dd-8466-dc3743dec2e3 |
| Line Numbers: | 637,
638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 652, 653, 654,
655, 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, 668,
669, 670, 671, 672, 673, 674, 675, 679, 680, 681, 682 |
Raw Audit Messages
:
type=AVC msg=audit(1607635094.57:103): avc: denied { getattr }
for pid=4485 comm="httpd" path="/home/user/public_html/index.html"
dev=dm-0 ino=9961589 scontext=root:system_r:httpd_t:s0
tcontext=root:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1607635094.57:103): arch=c000003e syscall=4
success=no exit=-13 a0=2b4d859cb438 a1=7fff35060020 a2=7fff35060020
a3=2b4d859c7d78 items=0 ppid=4484 pid=4485 auid=0 uid=48 gid=48 euid=48
suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=2 comm="httpd"
exe="/usr/sbin/httpd" subj=root:system_r:httpd_t:s0 key=(null)
|