- grep http audit.log | audit2why
- type=AVC msg=audit(1574437258.257:369850): avc: denied { getattr } for pid=24989 comm="httpd" path="/var/www/html/repos/updates/repodata/repomd.xml" dev="dm-0" ino=6443689502 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
- Was caused by:
- Missing type enforcement (TE) allow rule.
- You can use audit2allow to generate a loadable module to allow this access.
- grep http audit.log | audit2allow
- #============= httpd_t ==============
- #!!!! WARNING: 'var_t' is a base type.
- #!!!! The file '/var/www/html/repos/base/Packages/389-ds-base-snmp-1.3.9.1-10.el7.x86_64.rpm' is mislabeled on your system.
- #!!!! Fix with $ restorecon -R -v /var/www/html/repos/base/Packages/389-ds-base-snmp-1.3.9.1-10.el7.x86_64.rpm
- allow httpd_t var_t:file getattr;
- [root@nuc-0 audit]# restorecon -R -v /var/www/html/repos/base/Packages/389-ds-base-snmp-1.3.9.1-10.el7.x86_64.rpm
- restorecon reset /var/www/html/repos/base/Packages/389-ds-base-snmp-1.3.9.1-10.el7.x86_64.rpm context unconfined_u:object_r:var_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
- [root@nuc-0 audit]# grep http audit.log | audit2allow
- restorecon -R -v /var/www/html/repos/