Another problem with "avc: denied" messages
Daniel J Walsh
dwalsh at redhat.com
Thu Nov 1 18:10:44 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ian Leonard wrote:
> Hi,
>
> I have a web app that will create xml files. It has been running for a
> while now but has suddenly started giving errors as per below (I guess a
> maintenance update did it).
>
> audit(1193660948.194:421): avc: denied { write } for pid=3358
> comm="eco_upload.cgi" name="2007-10.xml" dev=dm-0 ino=58753075
> scontext=system_u:system_r:httpd_t:s0
> tcontext=user_u:object_r:var_lib_t:s0 tclass=file
>
> My minimal selinux knowledge has allowed me to fix the problem with the
> file, but a new files is created once a month. I am guessing that next
> month I will have the same problem.
>
> I guess I need to do something to the cgi script to allow it to create
> the files.
>
>
> Any advice appreciated.
>
What directory does this file get created in?
If this directory was labeled http_sys_content_rw_t it would work.
For example if the directory was /var/lib/eco then
chcon -R -t httpd_sys_content_rw_t /var/lib/eco/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHKhajrlYvE4MpobMRAv1BAJ9XNkwZABn6Gk0KxDE+WzFOsvmArgCcCamo
737jiAfLBSTOkI8RVXzuuug=
=Kdj/
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list