I am installing a template in Joomla and then got this alert on Fedora 17. How can I give httpd access to create directories or files?
SELinux is preventing /usr/sbin/httpd from write access on the directory templates.
***** Plugin httpd_write_content (92.2 confidence) suggests ****************
If you want to allow httpd to have write access on the templates directory
Then you need to change the label on 'templates'
Do
# semanage fcontext -a -t httpd_sys_rw_content_t 'templates'
# restorecon -v 'templates'
***** Plugin catchall_boolean (7.83 confidence) suggests *******************
If you want to httpd_unified
Then you must tell SELinux about this by enabling the 'httpd_unified' boolean.You can read 'httpd_selinux' man page for more details.
Do
setsebool -P httpd_unified 1
***** Plugin catchall (1.41 confidence) suggests ***************************
If you believe that httpd should be allowed write access on the templates directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:httpd_sys_content_t:s0
Target Objects templates [ dir ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host amsick
Source RPM Packages httpd-2.2.22-4.fc17.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.10.0-145.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name amsick
Platform Linux amsick 3.5.1-1.fc17.x86_64 #1 SMP Thu Aug 9
17:50:43 UTC 2012 x86_64 x86_64
Alert Count 1
First Seen Wed 10 Oct 2012 05:41:43 PM IST
Last Seen Wed 10 Oct 2012 05:41:43 PM IST
Local ID 53cfb03d-f93f-43c0-af17-a4dd0b02286c
Raw Audit Messages
type=AVC msg=audit(1349871103.424:79): avc: denied { write } for pid=858 comm="httpd" name="templates" dev="dm-1" ino=531647 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1349871103.424:79): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=7fb60b3dd8e0 a1=1ed a2=8 a3=7fff4bfd0b08 items=0 ppid=854 pid=858 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
Hash: httpd,httpd_t,httpd_sys_content_t,dir,write
audit2allow
#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_content_t:dir write;
audit2allow -R
#============= httpd_t ==============
#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_content_t:dir write;
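Answer 1
It tells you right in the message how to fix it. It is 93% confident that you want to label the content correctly, which would be these two commands.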
semanage fcontext -a -t httpd_sys_rw_content_t 'templates'
restorecon -v 'templates'
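An added example, not part of the original question or answer: it parses the AVC record from the alert, confirms that the denial is httpd_t modifying content labelled httpd_sys_content_t, and builds the two relabel commands scoped to a single directory tree. File-context specifications are regular expressions matched against absolute paths, so the function names, the `/var/www/html/joomla/templates` path, the `(/.*)?` suffix and the `-R` flag are assumptions made here because the alert only reports the directory name.

```python
import re
import shlex

# AVC record copied from the alert in the question.
AVC = ('type=AVC msg=audit(1349871103.424:79): avc: denied { write } for pid=858 '
       'comm="httpd" name="templates" dev="dm-1" ino=531647 '
       'scontext=system_u:system_r:httpd_t:s0 '
       'tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
# Directory/file permissions that mean "the process tried to modify content".
WRITE_PERMS = {'write', 'add_name', 'remove_name', 'create'}

def parse_avc(line):
    """Return a dict describing one AVC denial, or None for other audit records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest'))
    f = {k: v.strip('"') for k, v in pairs}
    # A context is user:role:type:level; policy rules match on the type field.
    return {'perms': m.group('perms').split(),
            'comm': f.get('comm'), 'name': f.get('name'), 'tclass': f.get('tclass'),
            'source_type': f['scontext'].split(':')[2],
            'target_type': f['tcontext'].split(':')[2]}

def triage(d):
    """'relabel' when httpd_t tried to modify read-only web content, else 'review'."""
    if (d['source_type'] == 'httpd_t'
            and d['target_type'] == 'httpd_sys_content_t'
            and WRITE_PERMS & set(d['perms'])):
        return 'relabel'
    return 'review'

def relabel_commands(path):
    """Build the alert's two commands for an absolute directory path."""
    if not path.startswith('/'):
        raise ValueError('file-context specs are matched against absolute paths')
    path = path.rstrip('/')
    spec = re.escape(path) + '(/.*)?'   # the directory and everything under it
    return ['semanage fcontext -a -t httpd_sys_rw_content_t ' + shlex.quote(spec),
            'restorecon -Rv ' + shlex.quote(path)]

if __name__ == '__main__':
    denial = parse_avc(AVC)
    print(denial, triage(denial))
    # Placeholder path (assumption): the alert only reports the name "templates".
    print('\n'.join(relabel_commands('/var/www/html/joomla/templates')))
```

Relabelling one directory keeps the rest of the web root read-only to httpd, whereas the `httpd_unified` boolean and the `audit2allow` module from the same alert grant write access to everything labelled `httpd_sys_content_t`.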