I recently set up a website on RHEL7. SELinux is in Enforcing mode. However, no matter how I tune the context, it always prevents httpd from writing. Here is the audit.log:
type=AVC msg=audit(1488922911.038:6188): avc: denied { write } for pid=11773 comm="httpd" name="cache" dev="xvda2" ino=42006369 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_t:s0 tclass=dir
type=SYSCALL msg=audit(1488922911.038:6188): arch=c000003e syscall=21 success=no exit=-13 a0=7f76f76142c0 a1=2 a2=0 a3=7f76e89b0ec0 items=0 ppid=740 pid=11773 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
It seems the source and target contexts are mismatched. But it still won't work after I made them unified.
type=AVC msg=audit(1488923356.905:6384): avc: denied { write } for pid=11709 comm="httpd" name="cache" dev="xvda2" ino=42006369 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=dir
type=SYSCALL msg=audit(1488923356.905:6384): arch=c000003e syscall=21 success=no exit=-13 a0=7f76f76122b0 a1=2 a2=0 a3=7f76e89b0ec0 items=0 ppid=740 pid=11709 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
Update
I did a restore of permissions using the restorecon command, but it didn't work. I'm using a virtual host and left everything at the default:

    <VirtualHost *:80>
        ServerName www.hometest.com
        DocumentRoot /var/www/web1
    </VirtualHost>

Here are the SELinux permissions of my files.

    # ls -Z /var/www/web1
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 admin
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 core
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 download
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 extensions
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 image
    -rwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 index.php
    -rwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 license.txt
    -rwxr-x---. apache root   system_u:object_r:httpd_sys_content_t:s0 list.bak
    -rwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 php.ini
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 resources
    -rwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 robots.txt
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 static_pages
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 storefront
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 system
    -rwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 task.php
    # ls -dZ web1/system/cache/
    drwxr-x---. apache apache system_u:system_r:httpd_t:s0 web1/system/cache

Any suggestion?
DocumentRoot and the permissions in there ls -lZ /var/www/html. Have you tried restorecon -vvFR /var/www/html?
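
Added example, not part of the original question or comment: a small Python parser for the two AVC records quoted above that splits the source and target contexts and flags a file-class target that carries the process domain's type or a role other than object_r. The function names and the set of file classes are choices made for this example.

```python
import re

# The two AVC records from the question, copied as posted.
SAMPLE = """\
type=AVC msg=audit(1488922911.038:6188): avc: denied { write } for pid=11773 comm="httpd" name="cache" dev="xvda2" ino=42006369 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_t:s0 tclass=dir
type=AVC msg=audit(1488923356.905:6384): avc: denied { write } for pid=11709 comm="httpd" name="cache" dev="xvda2" ino=42006369 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')

# Object classes that live on a filesystem (list chosen for this example).
FILE_CLASSES = {"file", "dir", "lnk_file", "sock_file", "fifo_file", "chr_file", "blk_file"}

def parse_avc(line):
    """Return the denial as a dict, or None if the line is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["perms"] = rec["perms"].split()
    for side in ("scontext", "tcontext"):
        # user:role:type:level, where the level may itself contain colons
        user, role, type_, *level = rec[side].split(":")
        rec[side] = {"user": user, "role": role, "type": type_, "level": ":".join(level)}
    return rec

def label_findings(rec):
    """Flag target labels that look like a process context on a file object."""
    findings = []
    src, tgt = rec["scontext"], rec["tcontext"]
    if rec["tclass"] in FILE_CLASSES:
        if tgt["role"] != "object_r":
            findings.append("target role %s: files normally carry object_r" % tgt["role"])
        if tgt["type"] == src["type"]:
            findings.append("target type %s is the process domain, not a file type" % tgt["type"])
    return findings

def analyze(text):
    """Parse every AVC line in text and pair each record with its findings."""
    records = (parse_avc(l) for l in text.splitlines() if "type=AVC" in l)
    return [(r, label_findings(r)) for r in records if r]

if __name__ == "__main__":
    for rec, findings in analyze(SAMPLE):
        print(rec["comm"], rec["perms"], rec["tclass"], findings)
```

Making tcontext identical to scontext does not grant access: policy rules pair a process domain with a separate file type, such as httpd_sys_rw_content_t for content httpd is allowed to write.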