From: "Dominick Grift" dominick.grift@gmail.com On Thu, 2013-11-14 at 17:45 -0500, m.roth@5-cent.us wrote:
Dominick Grift wrote:
On Thu, 2013-11-14 at 17:01 -0500, m.roth@5-cent.us wrote:
I really don't understand this: CentOS 6.4 directory: user_t subdirectory: httpd_sys_content_t file: httpd_sys_content_t
(Permissive mode) selinux preventing search access on the subdirectory by httpd.
Is this a cascading issue, that selinux doesn't like apache trying to access something under usr_t?
<snip>
But you want optimal help then you should enclose the actual avc denial
because now its all hearsay. i need to look at the facts to be able to suggest something i can vouch for
Good thought. NOW I'm *really* confused. ll -Z of the file gives me -rw-r--r--. <user> <group> system_u:system_r:httpd_sys_content_t:s0 <file>
Meanwhile, grep avc /var/log/audit/audit.log | grep <filename> gets me: <...> type=AVC msg=audit(1384527075.382:7606586): avc: denied { read } for pid=1329 comm="httpd" name="<filename>" dev=sdc1 ino=66691074 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
"Unlabeled_t"?
mark