Don't understand what you want to say.Sorry Thomas, I made a mistake while pasting the path. The correct path is
[root@sn html]# find . -name
./ow_userfiles/plugins/base/attachments/temp_5be3f85348052_5be3f85347985.docx
[root@sn html]#
yes. but based on your absolute path to the directory where your httpd needs write access selinux fcontext --add requires an adjusted regex.
Do you still say that it is better to remove my-httpd?
because selinux is about preventing things that are not allowed. Httpd is normally exposed to the network and a good target for hackers. So the default policy gives the httpd the least privileges that are possible.
Thing that I want to know is that, why selinux prevents that creation? Selinux suggests some commands to fix that. While the suggestion has no effect, it doesn't say about the root of the problem.
The list of attributes regarding httpd are
# semanage boolean -l | grep httpd
On Thursday, November 8, 2018, 1:10:02 PM GMT+3:30, Thomas Mueller <thomas@chaschperli.ch> wrote:I suspect someone copied moved files from $HOME to /var/www/html/* because user_home_t is no label for /var/www/html
I would propose you to:
# remove your custom module
semodule -u my-httpd
# add a local fcontext to the directory that httpd needs read-write access
semanage fcontext \
--add \
--type httpd_sys_rw_content_t
'/var/www/html/ow_plugins/ow_userfiles/plugins/base/attachment(/.*)?'
# reset all labels to default
restorecon -rv /var/www
- Thomas