SElinux httpd logs issue? possible change in context in userdirs?- HELP!


Post by busbyjon » 2006/01/13 10:20:36

Hi everyone,

I'd been having a few issues with portmap being avc: denied for some reason and was having no luck fixing it, so I heard about
touch /.autorelabel
which was great, portmap was running again... everything else seems fine, but here's the catch... httpd isn't running.
Here's the corresponding error in /var/log/messages:

Jan 13 10:13:00 zeus kernel: audit(1137147180.106:0): avc: denied { search } for pid=2313 comm=httpd name=logs dev=dm-1 ino=160969 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:user_home_t tclass=dir

So I had a brief look at the userdirs. I use webmin with virtualmin to manage my domain hostings and websites, and it appears that doing the relabel has changed the contexts of all the directories (log, cgi-bin, public_html, homes) that virtualmin creates... now could this be causing the issue or is there something bigger I'm missing here? httpd just isn't starting (I thought it would just fall back on its own logs if it couldn't use the logs in the user directories).

Anyways, really could do with some help here!

Jon


Post by nfowar » 2006/03/11 21:11:09

There are a couple of httpd-related SELinux options (so-called "booleans"), e.g. "httpd_enable_homedirs", which allows Apache to read users' public_html directories. It is off by default, afaik. Perhaps you need to enable it? You can get a list of all options with
# getsebool -a
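
As an added example (not written by either poster), this shell function reduces AVC denial lines like the one quoted in the first post to the fields that matter for triage: the denied process, its domain type, the target's type, the object class, the permissions and the file name. The name avc_summary and the second sample line are constructed for illustration; the parser also accepts the newer audit format with quoted values and MLS levels, which goes beyond the log line shown in the thread.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials from syslog-style lines.
# Constructed sample: the denial quoted in the thread plus one invented
# non-AVC line, to show that unrelated lines are skipped.
SAMPLE_LOG='Jan 13 10:13:00 zeus kernel: audit(1137147180.106:0): avc: denied { search } for pid=2313 comm=httpd name=logs dev=dm-1 ino=160969 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:user_home_t tclass=dir
Jan 13 10:13:01 zeus sshd[2400]: session opened for user root'

# avc_summary: read log lines on stdin, print one line per distinct denial:
#   count comm source_type target_type class perms name
avc_summary() {
  awk '
    # Strip "key=" and any surrounding double quotes from a key=value token.
    function val(s) { sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
    # The type is the third field of user:role:type[:level].
    function setype(s,  p) { split(val(s), p, ":"); return p[3] }
    /avc:[ ]+denied/ {
      perms = ""; comm = "-"; name = "-"; st = "-"; tt = "-"; cls = "-"
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          # Collect every permission between the braces, comma-separated.
          for (j = i + 1; j <= NF && $j != "}"; j++)
            perms = perms (perms == "" ? "" : ",") $j
        } else if ($i ~ /^comm=/)     comm = val($i)
        else if ($i ~ /^name=/)       name = val($i)
        else if ($i ~ /^scontext=/)   st = setype($i)
        else if ($i ~ /^tcontext=/)   tt = setype($i)
        else if ($i ~ /^tclass=/)     cls = val($i)
      }
      key = comm " " st " " tt " " cls " " perms " " name
      if (!(key in n)) order[++k] = key   # remember first-seen order
      n[key]++
    }
    END { for (i = 1; i <= k; i++) print n[order[i]], order[i] }
  '
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | avc_summary
```

On a live system the input would be /var/log/messages. For the thread's line the summary shows the httpd_t domain being denied search on a directory named logs whose type is user_home_t.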


Return to “CentOS 4 - Security Support”