{"id":176,"date":"2017-03-19T15:26:43","date_gmt":"2017-03-19T13:26:43","guid":{"rendered":"https:\/\/www.petersplanet.nl\/?p=176"},"modified":"2017-03-19T15:28:51","modified_gmt":"2017-03-19T13:28:51","slug":"selinux-access-denied","status":"publish","type":"post","link":"https:\/\/www.petersplanet.nl\/index.php\/2017\/03\/19\/selinux-access-denied\/","title":{"rendered":"SELinux access denied"},"content":{"rendered":"<p>When access is denied to certain files folders it might be SELinux. You can check this in the \/var\/log\/audit\/audit.log<br \/>\nIn this example we have changed the html folder in \/var\/www\/ for the Apache HTTP server.<br \/>\n<!--more--><\/p>\n<pre>sudo cat \/var\/log\/audit\/audit.log | grep denied<\/pre>\n<p>In the log:<\/p>\n<pre>type=AVC msg=audit(1489911451.999:62): avc:  denied  { open } for  pid=870 comm=\"httpd\" path=\"\/var\/www\/html\/index.html\" dev=\"xvda1\" ino=18607560 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file<\/pre>\n<p>View the SELinux rights with:<\/p>\n<pre>ls -Z \/var\/www\/\r\n<\/pre>\n<p>You can now fix this with:<\/p>\n<pre>semanage fcontext -a -t httpd_sys_content_t \"\/var\/www\/html(\/.*)?\"\r\nrestorecon -R -v \/var\/www\/html\r\n<\/pre>\n<p>The last statement is to make the change permanent. If you also want to change the unconfined_u:object_r into\u00a0system_u:object_r you need to do:<\/p>\n<pre>restorecon -R -F -v \/var\/www\/html\r\n<\/pre>\n<p>This is the result:<\/p>\n<pre>[root@ip-10-0-0-232 www]# ls -Z\r\ndrwxr-xr-x. root root system_u:object_r:httpd_sys_script_exec_t:s0 cgi-bin\r\ndrwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>When access is denied to certain files folders it might be SELinux. You can check this in the \/var\/log\/audit\/audit.log In this example we have changed the html folder in \/var\/www\/ for the Apache HTTP server.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-176","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.petersplanet.nl\/index.php\/wp-json\/wp\/v2\/posts\/176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.petersplanet.nl\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.petersplanet.nl\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.petersplanet.nl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.petersplanet.nl\/index.php\/wp-json\/wp\/v2\/comments?post=176"}],"version-history":[{"count":9,"href":"https:\/\/www.petersplanet.nl\/index.php\/wp-json\/wp\/v2\/posts\/176\/revisions"}],"predecessor-version":[{"id":185,"href":"https:\/\/www.petersplanet.nl\/index.php\/wp-json\/wp\/v2\/posts\/176\/revisions\/185"}],"wp:attachment":[{"href":"https:\/\/www.petersplanet.nl\/index.php\/wp-json\/wp\/v2\/media?parent=176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.petersplanet.nl\/index.php\/wp-json\/wp\/v2\/categories?post=176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.petersplanet.nl\/index.php\/wp-json\/wp\/v2\/tags?post=176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}