httpd cannot read httpd-manual

Daniel J Walsh dwalsh at redhat.com
Sat Apr 3 06:45:06 UTC 2004


Karl DeBisschop wrote:

>Here's the audit from /var/log/messages:
>
>Apr  2 04:09:33 xxxxx kernel: audit(1080896972.999:0): avc:  denied  {
>getattr } for  pid=1156 exe=/usr/sbin/httpd
>path=/var/www/manual/index.html dev=md0 ino=1473314
>scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:var_t
>tclass=file
>
>
>System is FC2 devel in enforcing mode, the only change I have made to
>policies is to add myself as an administrative user.

File context problem.

I have modified the context in policy-1.9.2-9 to label everything under 
/var/www as content unless it is specified later.
This is the patch; you will need to relabel after updating the policy files:

setfiles /etc/security/selinux/file_contexts  /var/www

--- apache.fc.20040403  2004-03-31 15:52:27.000000000 -0500
+++ apache.fc   2004-04-03 01:37:24.360416240 -0500
@@ -1,12 +1,9 @@
 # apache
 HOME_DIR/((www)|(web)|(public_html))(/.+)? 
system_u:object_r:httpd_ROLE_content_t
-/var/www               -d      system_u:object_r:httpd_sys_content_t
-/var/www/html(/.*)?            system_u:object_r:httpd_sys_content_t
-/var/www/mrtg(/.*)?            system_u:object_r:httpd_sys_content_t
+/var/www(/.*)?         system_u:object_r:httpd_sys_content_t
 /var/www/cgi-bin(/.*)?         system_u:object_r:httpd_sys_script_exec_t
 /usr/lib(64)?/cgi-bin(/.*)?            
system_u:object_r:httpd_sys_script_exec_t
 /var/www/perl(/.*)?            system_u:object_r:httpd_sys_script_exec_t
-/var/www/icons(/.*)?           system_u:object_r:httpd_sys_content_t
 /var/cache/httpd(/.*)?         system_u:object_r:httpd_cache_t
 /etc/httpd             -d      system_u:object_r:httpd_config_t
 /etc/httpd/conf.*              system_u:object_r:httpd_config_t
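
Review bot: the new `/var/www(/.*)?` line at the top of the hunk is a catch-all whose effect depends on its position. The `/var/www/cgi-bin(/.*)?` and `/var/www/perl(/.*)?` entries keep `httpd_sys_script_exec_t` only because they come after it, so a comment above the catch-all saying that more specific /var/www entries must stay below it would protect against a later reorder turning scripts into plain content. The catch-all also labels every subtree under /var/www as `httpd_sys_content_t`, not just the html, mrtg and icons subtrees that were listed before, so it is worth confirming that nothing under /var/www was meant to stay unreadable to httpd_t.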




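Added example, not part of the original message or of the policy package: a Python sketch of how the /var/www entries in the patch resolve the path from the denial, before and after the change. It assumes that the last matching entry wins (the "unless it is specified later" behaviour) and handles only the -d file type; the entries and the denial are copied from the thread, and /var/www/cgi-bin/test.cgi is a constructed path.

```python
import re

# Entries copied from the patch in the message above; the HOME_DIR template
# is left out. Assumed entry format: <path regex> [-d] <context>.
ORIGINAL_FC = """\
/var/www               -d      system_u:object_r:httpd_sys_content_t
/var/www/html(/.*)?            system_u:object_r:httpd_sys_content_t
/var/www/mrtg(/.*)?            system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(/.*)?         system_u:object_r:httpd_sys_script_exec_t
/var/www/perl(/.*)?            system_u:object_r:httpd_sys_script_exec_t
/var/www/icons(/.*)?           system_u:object_r:httpd_sys_content_t
"""
PATCHED_FC = """\
/var/www(/.*)?         system_u:object_r:httpd_sys_content_t
/var/www/cgi-bin(/.*)?         system_u:object_r:httpd_sys_script_exec_t
/var/www/perl(/.*)?            system_u:object_r:httpd_sys_script_exec_t
"""
# The denial from the report, rejoined onto one line.
AVC = ("audit(1080896972.999:0): avc:  denied  { getattr } for  pid=1156 "
       "exe=/usr/sbin/httpd path=/var/www/manual/index.html dev=md0 "
       "ino=1473314 scontext=system_u:system_r:httpd_t "
       "tcontext=system_u:object_r:var_t tclass=file")

def parse_fc(text):
    """Return [(regex, file_type_or_None, context)] in file order."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].startswith("/"):
            ftype = fields[1] if len(fields) == 3 else None
            specs.append((re.compile(fields[0]), ftype, fields[-1]))
    return specs

def lookup(specs, path, is_dir=False):
    """Last matching entry wins; None means no entry listed here applies."""
    for regex, ftype, context in reversed(specs):
        # A -d entry applies to directories only; the regex must match the whole path.
        if (ftype != "-d" or is_dir) and regex.fullmatch(path):
            return context
    return None

def avc_fields(line):
    """Pull the key=value pairs out of an avc denial line."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

if __name__ == "__main__":
    path = avc_fields(AVC)["path"]
    for name, text in (("original", ORIGINAL_FC), ("patched", PATCHED_FC)):
        print(name, path, lookup(parse_fc(text), path))
    print("patched", lookup(parse_fc(PATCHED_FC), "/var/www/cgi-bin/test.cgi"))
```

A result of None for the original entries means none of the listed apache entries covers /var/www/manual, which is consistent with the var_t target context in the denial.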