WebDAV

Andrew Z ahziem1 at mailbolt.com
Thu Sep 8 00:22:34 UTC 2005


Is there a SELinux policy for use with WebDAV? I have WebDAV working
correctly with Apache and Cadaver, but SELinux prevents writing. I have
noticed that there are at least two issues. First, SELinux prevents
Apache from writing to httpd_sys_content_t. Second, Apache needs to
update its locking database. I don't want to allow write access to all
httpd_sys_content_t.

type=AVC msg=audit(1126138296.843:56): avc:  denied  { write } for  
pid=3525 comm="httpd" name="lockdb.dir" dev=hda7 ino=1011851 
scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:var_lib_t 
tclass=file
type=SYSCALL msg=audit(1126138296.843:56): arch=40000003 syscall=5 
success=yes exit=11 a0=8675e00 a1=42 a2=1b6 a3=886a6c0 items=1 pid=3525 
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 
fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=CWD msg=audit(1126138296.843:56):  cwd="/"
type=PATH msg=audit(1126138296.843:56): item=0 
name="/var/lib/dav/lockdb.dir" flags=310  inode=1006106 dev=03:07 
mode=040700 ouid=48 ogid=48 rdev=00:00


type=AVC msg=audit(1126138520.634:58): avc:  denied  { write } for  
pid=3526 comm="httpd" name="lockdb.dir" dev=hda7 ino=1011851 
scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:var_lib_t 
tclass=file
type=SYSCALL msg=audit(1126138520.634:58): arch=40000003 syscall=5 
success=yes exit=11 a0=867dc20 a1=42 a2=1b6 a3=867fbd8 items=1 pid=3526 
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 
fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=CWD msg=audit(1126138520.634:58):  cwd="/"
type=PATH msg=audit(1126138520.634:58): item=0 
name="/var/lib/dav/lockdb.dir" flags=310  inode=1006106 dev=03:07 
mode=040700 ouid=48 ogid=48 rdev=00:00




Andrew
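The following Python is an added example, not part of the original post: it groups the audit records quoted above by serial number and joins each AVC denial to its PATH record, so repeated denials collapse into one line naming the source type, target type, class, permission and full path. The function names are hypothetical, and the sample is the post's two events with each wrapped record joined onto one line.

```python
import re
from collections import defaultdict
# Sample input: the two events from the post, re-joined one record per line.
SAMPLE = """\
type=AVC msg=audit(1126138296.843:56): avc:  denied  { write } for  pid=3525 comm="httpd" name="lockdb.dir" dev=hda7 ino=1011851 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:var_lib_t tclass=file
type=SYSCALL msg=audit(1126138296.843:56): arch=40000003 syscall=5 success=yes exit=11 a0=8675e00 a1=42 a2=1b6 a3=886a6c0 items=1 pid=3525 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=CWD msg=audit(1126138296.843:56):  cwd="/"
type=PATH msg=audit(1126138296.843:56): item=0 name="/var/lib/dav/lockdb.dir" flags=310  inode=1006106 dev=03:07 mode=040700 ouid=48 ogid=48 rdev=00:00
type=AVC msg=audit(1126138520.634:58): avc:  denied  { write } for  pid=3526 comm="httpd" name="lockdb.dir" dev=hda7 ino=1011851 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:var_lib_t tclass=file
type=SYSCALL msg=audit(1126138520.634:58): arch=40000003 syscall=5 success=yes exit=11 a0=867dc20 a1=42 a2=1b6 a3=867fbd8 items=1 pid=3526 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 comm="httpd" exe="/usr/sbin/httpd"
type=CWD msg=audit(1126138520.634:58):  cwd="/"
type=PATH msg=audit(1126138520.634:58): item=0 name="/var/lib/dav/lockdb.dir" flags=310  inode=1006106 dev=03:07 mode=040700 ouid=48 ogid=48 rdev=00:00
"""

HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")

def parse_events(text):
    """Group records by audit serial; return {serial: {record_type: fields}}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # not an audit record (blank line, mail wrapping residue)
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            perms = AVC.search(body)
            fields["perms"] = perms.group(1).split() if perms else []
        events[int(serial)][rtype] = fields  # one record per type, as here (items=1)
    return dict(events)

def summarize_denials(text):
    """Count denials per (source type, target type, class, perms, path).
    AVC 'name' is only the last path component; PATH 'name' is the full path."""
    counts = defaultdict(int)
    for ev in parse_events(text).values():
        avc = ev.get("AVC")
        if not avc or not avc["perms"]:
            continue
        path = ev.get("PATH", {}).get("name", avc.get("name", "?"))
        key = (avc["scontext"].split(":")[2], avc["tcontext"].split(":")[2],
               avc["tclass"], tuple(avc["perms"]), path)
        counts[key] += 1
    return dict(counts)

if __name__ == "__main__":
    for (src, tgt, cls, perms, path), n in summarize_denials(SAMPLE).items():
        print(f"{n}x {src} -> {tgt}:{cls} {{ {' '.join(perms)} }} on {path}")
```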




More information about the fedora-selinux-list mailing list