View Issue Details

IDProjectCategoryView StatusLast Update
0015767CentOS-7selinux-policypublic2019-02-01 09:09
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015767: SELinux is preventing /usr/sbin/httpd from 'add_name' accesses on the directory repN9UD_Jan_2019.pdf.
DescriptionDescription of problem:
SELinux is preventing /usr/sbin/httpd from 'add_name' accesses on the directory repN9UD_Jan_2019.pdf.

***** Plugin httpd_write_content (92.2 confidence) suggests ***************

If you want to allow httpd to have add_name access on the repN9UD_Jan_2019.pdf directory
Then you need to change the label on 'repN9UD_Jan_2019.pdf'
# semanage fcontext -a -t httpd_sys_rw_content_t 'repN9UD_Jan_2019.pdf'
# restorecon -v 'repN9UD_Jan_2019.pdf'

***** Plugin catchall_boolean (7.83 confidence) suggests ******************

If you want to allow httpd to unified
Then you must tell SELinux about this by enabling the 'httpd_unified' boolean.

setsebool -P httpd_unified 1

***** Plugin catchall (1.41 confidence) suggests **************************

If you believe that httpd should be allowed add_name access on the repN9UD_Jan_2019.pdf directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -i my-httpd.pp

Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:httpd_sys_content_t:s0
Target Objects repN9UD_Jan_2019.pdf [ dir ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.1.3.el7.x86_64 #1 SMP
                              Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64
Alert Count 2
First Seen 2019-02-01 16:04:01 +07
Last Seen 2019-02-01 16:04:01 +07
Local ID 8bfb8962-01af-452f-9315-0446f21af703

Raw Audit Messages
type=AVC msg=audit(1549011841.522:2122): avc: denied { add_name } for pid=5684 comm="httpd" name="repN9UD_Jan_2019.pdf" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0

Hash: httpd,httpd_t,httpd_sys_content_t,dir,add_name

Version-Release number of selected component:
Additional Informationreporter: libreport-
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-02-01 09:09 noydarly New Issue