selinux and wordpress, wordpress-mu

Ian Weller ianweller at gmail.com
Sun Mar 29 16:15:52 UTC 2009


On Sun, Mar 29, 2009 at 11:27:37AM -0400, Daniel J Walsh wrote:
> On 03/28/2009 08:23 PM, Ian Weller wrote:
>> wordpress and wordpress-mu don't work well when you're first starting to
>> use them: the configuration can't access its files at
>> /usr/share/wordpress{,-mu} due to SELinux. What do I need to do to write
>> an SELinux policy and push it upstream so that others don't run into
>> this problem by default?
>>
>>
> What avc errors are you seeing in /var/log/audit/audit.log?
>
Well, to get wordpress-mu to decide that it can write to
  /usr/share/wordpress-mu/wp-config.php
I have to run the following:
  # semanage fcontext -a -t httpd_var_run_t '/usr/share/wordpress-mu'
  # semanage fcontext -a -t httpd_var_run_t '/usr/share/wordpress-mu/wp-config.php'
  # semanage fcontext -a -t httpd_var_run_t '/usr/share/wordpress-mu/wp-content(/.*)?'
  # restorecon -vv -RF /usr/share/wordpress-mu
I didn't get any AVC denials or anything about needing to do this.

Then, it believes it can write to the necessary directories after
refreshing the configuration page, and I get the following:

type=AVC msg=audit(1238343299.820:1766): avc:  denied  { create } for  pid=21014 comm="httpd" name="blogs.dir" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1238343299.820:1766): arch=40000003 syscall=39 success=no exit=-13 a0=2105250 a1=1ff a2=124f938 a3=2105250 items=0 ppid=21011 pid=21014 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=1 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)

-- 
Ian Weller <ianweller at gmail.com>
GnuPG fingerprint:  E51E 0517 7A92 70A2 4226  B050 87ED 7C97 EFA8 4A36
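
Added example, not part of the original message: a small Python parser for AVC records like the one quoted above, reducing each denial to the source type, target type, object class and permission that a policy rule would have to cover. The first sample record is the one from the message; the shortened SYSCALL line and the third record are constructed for illustration.

```python
import re
from collections import Counter

# Record 1 is the AVC denial quoted in the message. Record 2 is a shortened
# SYSCALL line and record 3 is constructed, to show filtering and aggregation.
SAMPLE_LOG = """\
type=AVC msg=audit(1238343299.820:1766): avc:  denied  { create } for  pid=21014 comm="httpd" name="blogs.dir" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1238343299.820:1766): arch=40000003 syscall=39 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1238343300.100:1767): avc:  denied  { write add_name } for  pid=21014 comm="httpd" name="constructed-example" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_var_run_t:s0 tclass=dir
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # A context is user:role:type:level; policy rules match on the type,
    # which is always the third colon-separated element.
    fields["source_type"] = fields["scontext"].split(":")[2]
    fields["target_type"] = fields["tcontext"].split(":")[2]
    fields["perms"] = m.group("perms").split()
    return fields


def summarize(log_text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            for perm in rec["perms"]:
                key = (rec["source_type"], rec["target_type"], rec["tclass"], perm)
                counts[key] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perm), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n}x {src} -> {tgt}:{cls} {{ {perm} }}")
```
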