selinux with httpd and cifs_t


First of all, thanks for the great articles on your website.
I've got a couple of SELinux installations, but on one of them I've noticed strange behaviour.
In my environment I have httpd, which serves files from a mounted CIFS directory, and it seems to work, but in this directory my web application must be able to create dirs/files. When a new dir is created, I try to upload files into it, but it's impossible. The result of this action is:
# audit2allow -i /var/log/audit/audit.log

#============= httpd_t ==============
allow httpd_t cifs_t:file 0x100000;

I'm not able to create a module from this AVC:

only letters and numbers allowed in module names


RHEL 5

Dir mounted with:
/mount -t cifs // /var/www/html/share -o credentials=

httpd_use_cifs --> on

Best regards

Re: selinux with httpd and cifs_t

I guess it worked on the remount, not sure why this happened. You could also try the mount with httpd_sys_rw_content_t:

mount -t cifs // /var/www/html/share -o context="system_u:object_r:httpd_sys_rw_content_t:s0",credentials=

Re: selinux with httpd and cifs_t

I tried mounting with different httpd contexts, but every time my webapp creates a new folder I can't upload files into it, so I have to remount over and over. Finally I turned on permissive mode.

Re: selinux with httpd and cifs_t

Can you open a bugzilla on this and attach the AVC messages you are seeing? It might be a problem with the way the kernel is handling cifs_t.
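
For gathering the AVC messages requested in the last reply, here is an added example (not part of the thread and not from any SELinux package) that summarises denials between two types from audit-log records on stdin and flags permissions logged as a raw hex mask, like the 0x100000 that audit2allow printed above. The helper name `summarise_avc` and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise AVC denials between two SELinux types.
# summarise_avc is a hypothetical helper, not part of any SELinux package.

# Constructed sample records in audit.log layout (not taken from the thread);
# the 0x100000 value mirrors the permission audit2allow printed above.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1200000000.101:71): avc:  denied  { 0x100000 } for  pid=2101 comm="httpd" name="a.txt" dev=cifs ino=5001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cifs_t:s0 tclass=file
type=AVC msg=audit(1200000000.205:72): avc:  denied  { 0x100000 } for  pid=2101 comm="httpd" name="b.txt" dev=cifs ino=5002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cifs_t:s0 tclass=file
type=AVC msg=audit(1200000001.310:73): avc:  denied  { write } for  pid=2101 comm="httpd" name="newdir" dev=cifs ino=5003 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cifs_t:s0 tclass=dir
type=AVC msg=audit(1200000002.415:74): avc:  denied  { create } for  pid=2101 comm="httpd" name="c.txt" dev=cifs ino=5004 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cifs_t:s0 tclass=file
type=AVC msg=audit(1200000003.520:75): avc:  denied  { read } for  pid=3300 comm="sshd" name="x" dev=sda1 ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
EOF
}

# Usage: summarise_avc SOURCE_TYPE TARGET_TYPE < audit.log
# Prints one line per distinct denial: "source target class permission count".
# A permission logged as hex is one the kernel had no name for in that class,
# so it is marked UNNAMED: audit2allow cannot turn it into a loadable rule.
summarise_avc() {
    grep 'avc: *denied' |
    grep "scontext=[^ ]*:$1:" |
    grep "tcontext=[^ ]*:$2:" |
    awk -v src="$1" -v tgt="$2" '{
        # Permission list sits between "{" and "}"; tclass is the last key.
        perms = $0; sub(/^.*\{ */, "", perms); sub(/ *\}.*$/, "", perms)
        cls = $0;   sub(/^.*tclass=/, "", cls); sub(/ .*$/, "", cls)
        n = split(perms, p, " ")
        for (i = 1; i <= n; i++) count[cls " " p[i]]++
    }
    END {
        for (k in count) {
            split(k, f, " ")
            flag = (f[2] ~ /^0x[0-9a-fA-F]+$/) ? " UNNAMED" : ""
            print src " " tgt " " f[1] " " f[2] " " count[k] flag
        }
    }' | sort
}

# Demo on the constructed sample; on a real host redirect the audit log:
#   summarise_avc httpd_t cifs_t < /var/log/audit/audit.log
sample_log | summarise_avc httpd_t cifs_t
```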