httpd with symbolic links and selinux enabled
Justin Jereza
justinjereza at gmail.com
Thu Nov 26 08:54:53 UTC 2009
> Have you configured Apache to follow symlinks?
> http://localhost/manual/mod/core.html#options
Yes, Apache follows symlinks. That's why http://localhost/~user/foo/
is accessible.
> You also need appropriate file and directory permissions (world readable
> files and directories, and directories need to be world executable,
> too).
All necessary permissions are set. Only directories inside ~/foo that
contain symlinks are inaccessible. Remove the symlinks, and they
become accessible. Also, http://localhost/~user/foo/bar/baz.html is
accessible even though http://localhost/~user/foo/bar/ isn't. Finally,
symlinks within ~/public_html itself work fine. So it seems that
symlinks within symlinks are the only ones that give me trouble.
Should have attached the following log messages earlier:

Nov 26 16:49:26 adnix kernel: type=1400 audit(1259225366.816:11484): avc: denied { read } for pid=21208 comm="httpd" name="index.html" dev=dm-2 ino=5144788 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=lnk_file
Nov 26 16:49:26 adnix kernel: type=1400 audit(1259225366.816:11485): avc: denied { getattr } for pid=21208 comm="httpd" path="/home/justin/foo/bar/index.html" dev=dm-2 ino=5144788 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=lnk_file

--
Justin Jereza
LPIC-1
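
Added example, not part of the original post: a small Python parser for the two AVC denials quoted above, grouping them by source type, target type and object class. It shows that both denials hit the same inode with tclass=lnk_file, that is, the symbolic link object labelled user_home_t rather than the file it points to. The function names are this example's own.

```python
import re
from collections import defaultdict

# The two denials from the post above, unwrapped to one record per entry.
SAMPLE = [
    'Nov 26 16:49:26 adnix kernel: type=1400 audit(1259225366.816:11484): '
    'avc: denied { read } for pid=21208 comm="httpd" name="index.html" '
    'dev=dm-2 ino=5144788 scontext=unconfined_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=lnk_file',
    'Nov 26 16:49:26 adnix kernel: type=1400 audit(1259225366.816:11485): '
    'avc: denied { getattr } for pid=21208 comm="httpd" '
    'path="/home/justin/foo/bar/index.html" dev=dm-2 ino=5144788 '
    'scontext=unconfined_u:system_r:httpd_t:s0 '
    'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=lnk_file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None  # truncated or malformed record
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; policy rules match on the type field.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec

def summarize(lines):
    """Group denials by (source type, target type, class) -> perms and inodes."""
    groups = defaultdict(lambda: {'perms': set(), 'inodes': set()})
    for rec in filter(None, map(parse_avc, lines)):
        key = (rec['source_type'], rec['target_type'], rec['tclass'])
        groups[key]['perms'].update(rec['perms'])
        groups[key]['inodes'].add(rec.get('ino'))
    return dict(groups)

if __name__ == '__main__':
    for (src, tgt, cls), g in summarize(SAMPLE).items():
        kind = 'the symlink itself' if cls == 'lnk_file' else f'a {cls} object'
        print(f"{src} denied {sorted(g['perms'])} on {tgt}:{cls} ({kind}), "
              f"inodes {sorted(g['inodes'])}")
```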