Sorry Thomas, I made a mistake while pasting the path. The correct path is
[root@sn html]# find . -name ./ow_userfiles/plugins/base/attachments/temp_5be3f85348052_5be3f85347985.docx
[root@sn html]#
Do you still say that it is better to remove my-httpd?
The thing I want to know is why SELinux prevents that creation. SELinux suggests some commands to fix that. While the suggestion has no effect, it doesn't say anything about the root of the problem. The list of attributes regarding httpd is:

# semanage boolean -l | grep httpd
httpd_can_network_relay (off , off) Allow httpd to can network relay
httpd_can_connect_mythtv (off , off) Allow httpd to can connect mythtv
httpd_can_network_connect_db (off , off) Allow httpd to can network connect db
httpd_use_gpg (off , off) Allow httpd to use gpg
httpd_dbus_sssd (off , off) Allow httpd to dbus sssd
httpd_enable_cgi (on , on) Allow httpd to enable cgi
httpd_verify_dns (off , off) Allow httpd to verify dns
httpd_dontaudit_search_dirs (off , off) Allow httpd to dontaudit search dirs
httpd_use_cifs (off , off) Allow httpd to use cifs
httpd_manage_ipa (off , off) Allow httpd to manage ipa
httpd_run_stickshift (off , off) Allow httpd to run stickshift
httpd_enable_homedirs (off , off) Allow httpd to enable homedirs
httpd_dbus_avahi (off , off) Allow httpd to dbus avahi
httpd_unified (on , on) Allow httpd to unified
httpd_mod_auth_pam (off , off) Allow httpd to mod auth pam
httpd_can_network_connect (on , on) Allow httpd to can network connect
httpd_execmem (off , off) Allow httpd to execmem
httpd_use_fusefs (off , off) Allow httpd to use fusefs
httpd_mod_auth_ntlm_winbind (off , off) Allow httpd to mod auth ntlm winbind
httpd_use_sasl (off , off) Allow httpd to use sasl
httpd_tty_comm (off , off) Allow httpd to tty comm
httpd_sys_script_anon_write (off , off) Allow httpd to sys script anon write
httpd_graceful_shutdown (on , on) Allow httpd to graceful shutdown
httpd_can_connect_ftp (on , on) Allow httpd to can connect ftp
httpd_run_ipa (off , off) Allow httpd to run ipa
httpd_read_user_content (on , on) Allow httpd to read user content
httpd_use_nfs (off , off) Allow httpd to use nfs
httpd_can_connect_zabbix (off , off) Allow httpd to can connect zabbix
httpd_tmp_exec (off , off) Allow httpd to tmp exec
httpd_run_preupgrade (off , off) Allow httpd to run preupgrade
httpd_can_sendmail (on , on) Allow httpd to can sendmail
httpd_builtin_scripting (on , on) Allow httpd to builtin scripting
httpd_can_connect_ldap (off , off) Allow httpd to can connect ldap
httpd_can_check_spam (off , off) Allow httpd to can check spam
httpd_can_network_memcache (off , off) Allow httpd to can network memcache
httpd_can_network_connect_cobbler (off , off) Allow httpd to can network connect cobbler
httpd_anon_write (off , off) Allow httpd to anon write
httpd_serve_cobbler_files (off , off) Allow httpd to serve cobbler files
httpd_ssi_exec (off , off) Allow httpd to ssi exec
httpd_use_openstack (off , off) Allow httpd to use openstack
httpd_enable_ftp_server (off , off) Allow httpd to enable ftp server
httpd_setrlimit (off , off) Allow httpd to setrlimit

Regards, Mahmood
On Thursday, November 8, 2018, 1:10:02 PM GMT+3:30, Thomas Mueller thomas@chaschperli.ch wrote:

I suspect someone copied/moved files from $HOME to /var/www/html/* because user_home_t is no label for /var/www/html

I would propose that you:

# remove your custom module
semodule -r my-httpd

# add a local fcontext to the directory that httpd needs read-write access
semanage fcontext \
    --add \
    --type httpd_sys_rw_content_t \
    '/var/www/html/ow_plugins/ow_userfiles/plugins/base/attachment(/.*)?'

# reset all labels to default
restorecon -rv /var/www

- Thomas
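
Added example, not part of the thread: a small Python triage of AVC denial records that separates a wrong file label (the user_home_t case described above, fixed with semanage fcontext and restorecon) from denials that need a boolean or policy change. The audit records are constructed for illustration, and the "label" heuristic (httpd_t denied a write-type permission on a file or directory whose type is not httpd_sys_rw_content_t) is an assumption of this sketch.

```python
import re

# Constructed AVC records for illustration; pids, names and timestamps are made up.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1541670000.123:451): avc:  denied  { create } for  pid=2101 comm="httpd" name="temp_example.docx" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1541670001.456:452): avc:  denied  { write add_name } for  pid=2101 comm="httpd" name="attachments" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1541670002.789:453): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

# Permissions that mean "the process tried to modify the object".
WRITE_PERMS = {"create", "write", "add_name", "remove_name", "unlink", "setattr", "rename"}
RW_TYPE = "httpd_sys_rw_content_t"  # type Thomas proposes for the upload directory


def se_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]


def parse_avc(line):
    """Extract permissions, source type, target type and class from one AVC line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    return {"perms": m.group("perms").split(), "source": se_type(m.group("scon")),
            "target": se_type(m.group("tcon")), "tclass": m.group("tclass")}


def diagnose(rec):
    """'label' if httpd was denied a write on a file/dir that lacks the rw type, else 'other'."""
    wrote = WRITE_PERMS & set(rec["perms"])
    if (rec["source"] == "httpd_t" and rec["tclass"] in ("file", "dir")
            and wrote and rec["target"] != RW_TYPE):
        return "label"
    return "other"


def report(text):
    """Return (target type, class, verdict) for every AVC denial found in text."""
    recs = (parse_avc(line) for line in text.splitlines())
    return [(r["target"], r["tclass"], diagnose(r)) for r in recs if r]


if __name__ == "__main__":
    for target, tclass, verdict in report(SAMPLE_AUDIT):
        print(f"{verdict:5}  tclass={tclass:10}  target type={target}")
```
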