API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 10th, 2018
416
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 84.68 KB | None | 0 0
raw download clone embed print report
  1. [root@vm1 ~]# df -h
  2. Filesystem Size Used Avail Use% Mounted on
  3. /dev/sda1 10G 1.5G 8.6G 15% /
  4. devtmpfs 287M 0 287M 0% /dev
  5. tmpfs 294M 0 294M 0% /dev/shm
  6. tmpfs 294M 4.4M 290M 2% /run
  7. tmpfs 294M 0 294M 0% /sys/fs/cgroup
  8. tmpfs 59M 0 59M 0% /run/user/1001
  9. [root@vm1 ~]# yum update
  10. Loaded plugins: fastestmirror
  11. Determining fastest mirrors
  12. epel/x86_64/metalink | 17 kB 00:00
  13. * base: mirror.steadfastnet.com
  14. * epel: mirror.steadfastnet.com
  15. * extras: ftpmirror.your.org
  16. * updates: mirrors.liquidweb.com
  17. base | 3.6 kB 00:00
  18. epel | 3.2 kB 00:00
  19. extras | 3.4 kB 00:00
  20. google-cloud-compute/signature | 454 B 00:00
  21. google-cloud-compute/signature | 1.8 kB 00:00 !!!
  22. google-cloud-sdk/signature | 454 B 00:00
  23. google-cloud-sdk/signature | 1.4 kB 00:00 !!!
  24. updates | 3.4 kB 00:00
  25. (1/10): base/7/x86_64/group_gz | 166 kB 00:00
  26. (2/10): epel/x86_64/group_gz | 88 kB 00:00
  27. (3/10): epel/x86_64/updateinfo | 941 kB 00:00
  28. (4/10): epel/x86_64/primary | 3.6 MB 00:00
  29. (5/10): extras/7/x86_64/primary_db | 187 kB 00:00
  30. (6/10): base/7/x86_64/primary_db | 5.9 MB 00:00
  31. (7/10): google-cloud-compute/updateinfo | 1.1 kB 00:00
  32. (8/10): google-cloud-compute/primary | 3.6 kB 00:00
  33. (9/10): google-cloud-sdk/primary | 45 kB 00:00
  34. (10/10): updates/7/x86_64/primary_db | 5.2 MB 00:00
  35. epel 12672/12672
  36. google-cloud-compute 10/10
  37. google-cloud-sdk 278/278
  38. Resolving Dependencies
  39. --> Running transaction check
  40. ---> Package audit.x86_64 0:2.8.1-3.el7 will be updated
  41. ---> Package audit.x86_64 0:2.8.1-3.el7_5.1 will be an update
  42. ---> Package audit-libs.x86_64 0:2.8.1-3.el7 will be updated
  43. ---> Package audit-libs.x86_64 0:2.8.1-3.el7_5.1 will be an update
  44. ---> Package audit-libs-python.x86_64 0:2.8.1-3.el7 will be updated
  45. ---> Package audit-libs-python.x86_64 0:2.8.1-3.el7_5.1 will be an update
  46. ---> Package bind-libs-lite.x86_64 32:9.9.4-61.el7 will be updated
  47. ---> Package bind-libs-lite.x86_64 32:9.9.4-61.el7_5.1 will be an update
  48. ---> Package bind-license.noarch 32:9.9.4-61.el7 will be updated
  49. ---> Package bind-license.noarch 32:9.9.4-61.el7_5.1 will be an update
  50. ---> Package dracut.x86_64 0:033-535.el7 will be updated
  51. ---> Package dracut.x86_64 0:033-535.el7_5.1 will be an update
  52. ---> Package dracut-config-rescue.x86_64 0:033-535.el7 will be updated
  53. ---> Package dracut-config-rescue.x86_64 0:033-535.el7_5.1 will be an update
  54. ---> Package google-cloud-sdk.noarch 0:212.0.0-1.el7 will be updated
  55. ---> Package google-cloud-sdk.noarch 0:215.0.0-1.el7 will be an update
  56. ---> Package initscripts.x86_64 0:9.49.41-1.el7 will be updated
  57. ---> Package initscripts.x86_64 0:9.49.41-1.el7_5.1 will be an update
  58. ---> Package kpartx.x86_64 0:0.4.9-119.el7 will be updated
  59. ---> Package kpartx.x86_64 0:0.4.9-119.el7_5.1 will be an update
  60. ---> Package libblkid.x86_64 0:2.23.2-52.el7 will be updated
  61. ---> Package libblkid.x86_64 0:2.23.2-52.el7_5.1 will be an update
  62. ---> Package libmount.x86_64 0:2.23.2-52.el7 will be updated
  63. ---> Package libmount.x86_64 0:2.23.2-52.el7_5.1 will be an update
  64. ---> Package libuuid.x86_64 0:2.23.2-52.el7 will be updated
  65. ---> Package libuuid.x86_64 0:2.23.2-52.el7_5.1 will be an update
  66. ---> Package mariadb-libs.x86_64 1:5.5.56-2.el7 will be updated
  67. ---> Package mariadb-libs.x86_64 1:5.5.60-1.el7_5 will be an update
  68. ---> Package qemu-guest-agent.x86_64 10:2.8.0-2.el7 will be updated
  69. ---> Package qemu-guest-agent.x86_64 10:2.8.0-2.el7_5.1 will be an update
  70. ---> Package selinux-policy.noarch 0:3.13.1-192.el7_5.4 will be updated
  71. ---> Package selinux-policy.noarch 0:3.13.1-192.el7_5.6 will be an update
  72. ---> Package selinux-policy-targeted.noarch 0:3.13.1-192.el7_5.4 will be updated
  73. ---> Package selinux-policy-targeted.noarch 0:3.13.1-192.el7_5.6 will be an upda te
  74. ---> Package systemd.x86_64 0:219-57.el7 will be updated
  75. ---> Package systemd.x86_64 0:219-57.el7_5.1 will be an update
  76. ---> Package systemd-libs.x86_64 0:219-57.el7 will be updated
  77. ---> Package systemd-libs.x86_64 0:219-57.el7_5.1 will be an update
  78. ---> Package systemd-sysv.x86_64 0:219-57.el7 will be updated
  79. ---> Package systemd-sysv.x86_64 0:219-57.el7_5.1 will be an update
  80. ---> Package tuned.noarch 0:2.9.0-1.el7 will be updated
  81. ---> Package tuned.noarch 0:2.9.0-1.el7_5.2 will be an update
  82. ---> Package util-linux.x86_64 0:2.23.2-52.el7 will be updated
  83. ---> Package util-linux.x86_64 0:2.23.2-52.el7_5.1 will be an update
  84. --> Finished Dependency Resolution
  85.  
  86. Dependencies Resolved
  87.  
  88. ================================================================================
  89. Package Arch Version Repository Size
  90. ================================================================================
  91. Updating:
  92. audit x86_64 2.8.1-3.el7_5.1 updates 247 k
  93. audit-libs x86_64 2.8.1-3.el7_5.1 updates 99 k
  94. audit-libs-python x86_64 2.8.1-3.el7_5.1 updates 75 k
  95. bind-libs-lite x86_64 32:9.9.4-61.el7_5.1 updates 734 k
  96. bind-license noarch 32:9.9.4-61.el7_5.1 updates 85 k
  97. dracut x86_64 033-535.el7_5.1 updates 325 k
  98. dracut-config-rescue x86_64 033-535.el7_5.1 updates 58 k
  99. google-cloud-sdk noarch 215.0.0-1.el7 google-cloud-sdk 28 M
  100. initscripts x86_64 9.49.41-1.el7_5.1 updates 437 k
  101. kpartx x86_64 0.4.9-119.el7_5.1 updates 76 k
  102. libblkid x86_64 2.23.2-52.el7_5.1 updates 178 k
  103. libmount x86_64 2.23.2-52.el7_5.1 updates 180 k
  104. libuuid x86_64 2.23.2-52.el7_5.1 updates 81 k
  105. mariadb-libs x86_64 1:5.5.60-1.el7_5 updates 758 k
  106. qemu-guest-agent x86_64 10:2.8.0-2.el7_5.1 updates 150 k
  107. selinux-policy noarch 3.13.1-192.el7_5.6 updates 453 k
  108. selinux-policy-targeted noarch 3.13.1-192.el7_5.6 updates 6.6 M
  109. systemd x86_64 219-57.el7_5.1 updates 5.0 M
  110. systemd-libs x86_64 219-57.el7_5.1 updates 402 k
  111. systemd-sysv x86_64 219-57.el7_5.1 updates 79 k
  112. tuned noarch 2.9.0-1.el7_5.2 updates 244 k
  113. util-linux x86_64 2.23.2-52.el7_5.1 updates 2.0 M
  114.  
  115. Transaction Summary
  116. ================================================================================
  117. Upgrade 22 Packages
  118.  
  119. Total download size: 46 M
  120. Is this ok [y/d/N]: y
  121. Downloading packages:
  122. Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
  123. (1/22): audit-libs-2.8.1-3.el7_5.1.x86_64.rpm | 99 kB 00:00
  124. (2/22): audit-libs-python-2.8.1-3.el7_5.1.x86_64.rpm | 75 kB 00:00
  125. (3/22): bind-license-9.9.4-61.el7_5.1.noarch.rpm | 85 kB 00:00
  126. (4/22): audit-2.8.1-3.el7_5.1.x86_64.rpm | 247 kB 00:00
  127. (5/22): dracut-config-rescue-033-535.el7_5.1.x86_64.rpm | 58 kB 00:00
  128. (6/22): kpartx-0.4.9-119.el7_5.1.x86_64.rpm | 76 kB 00:00
  129. (7/22): initscripts-9.49.41-1.el7_5.1.x86_64.rpm | 437 kB 00:00
  130. (8/22): dracut-033-535.el7_5.1.x86_64.rpm | 325 kB 00:00
  131. (9/22): libmount-2.23.2-52.el7_5.1.x86_64.rpm | 180 kB 00:00
  132. (10/22): libblkid-2.23.2-52.el7_5.1.x86_64.rpm | 178 kB 00:00
  133. (11/22): bind-libs-lite-9.9.4-61.el7_5.1.x86_64.rpm | 734 kB 00:00
  134. (12/22): libuuid-2.23.2-52.el7_5.1.x86_64.rpm | 81 kB 00:00
  135. (13/22): mariadb-libs-5.5.60-1.el7_5.x86_64.rpm | 758 kB 00:00
  136. (14/22): selinux-policy-3.13.1-192.el7_5.6.noarch.rpm | 453 kB 00:00
  137. (15/22): systemd-libs-219-57.el7_5.1.x86_64.rpm | 402 kB 00:00
  138. (16/22): systemd-sysv-219-57.el7_5.1.x86_64.rpm | 79 kB 00:00
  139. (17/22): tuned-2.9.0-1.el7_5.2.noarch.rpm | 244 kB 00:00
  140. (18/22): systemd-219-57.el7_5.1.x86_64.rpm | 5.0 MB 00:00
  141. (19/22): selinux-policy-targeted-3.13.1-192.el7_5.6.noarch | 6.6 MB 00:00
  142. (20/22): util-linux-2.23.2-52.el7_5.1.x86_64.rpm | 2.0 MB 00:00
  143. (21/22): 654962a43cb6bc6b47bc312424410b7c203e1beb73386d868 | 28 MB 00:01
  144. (22/22): qemu-guest-agent-2.8.0-2.el7_5.1.x86_64.rpm | 150 kB 00:01
  145. --------------------------------------------------------------------------------
  146. Total 26 MB/s | 46 MB 00:01
  147. Running transaction check
  148. Running transaction test
  149. Transaction test succeeded
  150. Running transaction
  151. Updating : audit-libs-2.8.1-3.el7_5.1.x86_64 1/44
  152. Updating : libuuid-2.23.2-52.el7_5.1.x86_64 2/44
  153. Updating : libblkid-2.23.2-52.el7_5.1.x86_64 3/44
  154. Updating : libmount-2.23.2-52.el7_5.1.x86_64 4/44
  155. Updating : systemd-libs-219-57.el7_5.1.x86_64 5/44
  156. Updating : systemd-219-57.el7_5.1.x86_64 6/44
  157. Updating : util-linux-2.23.2-52.el7_5.1.x86_64 7/44
  158. Updating : systemd-sysv-219-57.el7_5.1.x86_64 8/44
  159. Updating : 32:bind-license-9.9.4-61.el7_5.1.noarch 9/44
  160. Updating : selinux-policy-3.13.1-192.el7_5.6.noarch 10/44
  161. Updating : kpartx-0.4.9-119.el7_5.1.x86_64 11/44
  162. Updating : dracut-033-535.el7_5.1.x86_64 12/44
  163. Updating : dracut-config-rescue-033-535.el7_5.1.x86_64 13/44
  164. Updating : selinux-policy-targeted-3.13.1-192.el7_5.6.noarch 14/44
  165. Updating : 32:bind-libs-lite-9.9.4-61.el7_5.1.x86_64 15/44
  166. Updating : audit-2.8.1-3.el7_5.1.x86_64 16/44
  167. Updating : initscripts-9.49.41-1.el7_5.1.x86_64 17/44
  168. Updating : tuned-2.9.0-1.el7_5.2.noarch 18/44
  169. Updating : 10:qemu-guest-agent-2.8.0-2.el7_5.1.x86_64 19/44
  170. Updating : audit-libs-python-2.8.1-3.el7_5.1.x86_64 20/44
  171. Updating : google-cloud-sdk-215.0.0-1.el7.noarch 21/44
  172. Updating : 1:mariadb-libs-5.5.60-1.el7_5.x86_64 22/44
  173. Cleanup : audit-2.8.1-3.el7.x86_64 23/44
  174. Cleanup : tuned-2.9.0-1.el7.noarch 24/44
  175. Cleanup : initscripts-9.49.41-1.el7.x86_64 25/44
  176. Cleanup : systemd-sysv-219-57.el7.x86_64 26/44
  177. Cleanup : dracut-config-rescue-033-535.el7.x86_64 27/44
  178. Cleanup : selinux-policy-targeted-3.13.1-192.el7_5.4.noarch 28/44
  179. Cleanup : dracut-033-535.el7.x86_64 29/44
  180. Cleanup : util-linux-2.23.2-52.el7.x86_64 30/44
  181. Cleanup : 10:qemu-guest-agent-2.8.0-2.el7.x86_64 31/44
  182. Cleanup : systemd-219-57.el7.x86_64 32/44
  183. Cleanup : libmount-2.23.2-52.el7.x86_64 33/44
  184. Cleanup : libblkid-2.23.2-52.el7.x86_64 34/44
  185. Cleanup : 32:bind-libs-lite-9.9.4-61.el7.x86_64 35/44
  186. Cleanup : audit-libs-python-2.8.1-3.el7.x86_64 36/44
  187. Cleanup : 32:bind-license-9.9.4-61.el7.noarch 37/44
  188. Cleanup : selinux-policy-3.13.1-192.el7_5.4.noarch 38/44
  189. Cleanup : google-cloud-sdk-212.0.0-1.el7.noarch 39/44
  190. Cleanup : audit-libs-2.8.1-3.el7.x86_64 40/44
  191. Cleanup : libuuid-2.23.2-52.el7.x86_64 41/44
  192. Cleanup : systemd-libs-219-57.el7.x86_64 42/44
  193. Cleanup : kpartx-0.4.9-119.el7.x86_64 43/44
  194. Cleanup : 1:mariadb-libs-5.5.56-2.el7.x86_64 44/44
  195. Verifying : initscripts-9.49.41-1.el7_5.1.x86_64 1/44
  196. Verifying : audit-libs-python-2.8.1-3.el7_5.1.x86_64 2/44
  197. Verifying : 1:mariadb-libs-5.5.60-1.el7_5.x86_64 3/44
  198. Verifying : audit-2.8.1-3.el7_5.1.x86_64 4/44
  199. Verifying : kpartx-0.4.9-119.el7_5.1.x86_64 5/44
  200. Verifying : 32:bind-libs-lite-9.9.4-61.el7_5.1.x86_64 6/44
  201. Verifying : 10:qemu-guest-agent-2.8.0-2.el7_5.1.x86_64 7/44
  202. Verifying : systemd-sysv-219-57.el7_5.1.x86_64 8/44
  203. Verifying : tuned-2.9.0-1.el7_5.2.noarch 9/44
  204. Verifying : selinux-policy-targeted-3.13.1-192.el7_5.6.noarch 10/44
  205. Verifying : libmount-2.23.2-52.el7_5.1.x86_64 11/44
  206. Verifying : selinux-policy-3.13.1-192.el7_5.6.noarch 12/44
  207. Verifying : systemd-219-57.el7_5.1.x86_64 13/44
  208. Verifying : systemd-libs-219-57.el7_5.1.x86_64 14/44
  209. Verifying : 32:bind-license-9.9.4-61.el7_5.1.noarch 15/44
  210. Verifying : libuuid-2.23.2-52.el7_5.1.x86_64 16/44
  211. Verifying : dracut-config-rescue-033-535.el7_5.1.x86_64 17/44
  212. Verifying : audit-libs-2.8.1-3.el7_5.1.x86_64 18/44
  213. Verifying : dracut-033-535.el7_5.1.x86_64 19/44
  214. Verifying : libblkid-2.23.2-52.el7_5.1.x86_64 20/44
  215. Verifying : util-linux-2.23.2-52.el7_5.1.x86_64 21/44
  216. Verifying : google-cloud-sdk-215.0.0-1.el7.noarch 22/44
  217. Verifying : selinux-policy-3.13.1-192.el7_5.4.noarch 23/44
  218. Verifying : libmount-2.23.2-52.el7.x86_64 24/44
  219. Verifying : audit-libs-2.8.1-3.el7.x86_64 25/44
  220. Verifying : libblkid-2.23.2-52.el7.x86_64 26/44
  221. Verifying : 1:mariadb-libs-5.5.56-2.el7.x86_64 27/44
  222. Verifying : kpartx-0.4.9-119.el7.x86_64 28/44
  223. Verifying : selinux-policy-targeted-3.13.1-192.el7_5.4.noarch 29/44
  224. Verifying : tuned-2.9.0-1.el7.noarch 30/44
  225. Verifying : dracut-033-535.el7.x86_64 31/44
  226. Verifying : util-linux-2.23.2-52.el7.x86_64 32/44
  227. Verifying : audit-2.8.1-3.el7.x86_64 33/44
  228. Verifying : audit-libs-python-2.8.1-3.el7.x86_64 34/44
  229. Verifying : systemd-219-57.el7.x86_64 35/44
  230. Verifying : systemd-sysv-219-57.el7.x86_64 36/44
  231. Verifying : 32:bind-license-9.9.4-61.el7.noarch 37/44
  232. Verifying : initscripts-9.49.41-1.el7.x86_64 38/44
  233. Verifying : dracut-config-rescue-033-535.el7.x86_64 39/44
  234. Verifying : systemd-libs-219-57.el7.x86_64 40/44
  235. Verifying : 10:qemu-guest-agent-2.8.0-2.el7.x86_64 41/44
  236. Verifying : google-cloud-sdk-212.0.0-1.el7.noarch 42/44
  237. Verifying : libuuid-2.23.2-52.el7.x86_64 43/44
  238. Verifying : 32:bind-libs-lite-9.9.4-61.el7.x86_64 44/44
  239.  
  240. Updated:
  241. audit.x86_64 0:2.8.1-3.el7_5.1
  242. audit-libs.x86_64 0:2.8.1-3.el7_5.1
  243. audit-libs-python.x86_64 0:2.8.1-3.el7_5.1
  244. bind-libs-lite.x86_64 32:9.9.4-61.el7_5.1
  245. bind-license.noarch 32:9.9.4-61.el7_5.1
  246. dracut.x86_64 0:033-535.el7_5.1
  247. dracut-config-rescue.x86_64 0:033-535.el7_5.1
  248. google-cloud-sdk.noarch 0:215.0.0-1.el7
  249. initscripts.x86_64 0:9.49.41-1.el7_5.1
  250. kpartx.x86_64 0:0.4.9-119.el7_5.1
  251. libblkid.x86_64 0:2.23.2-52.el7_5.1
  252. libmount.x86_64 0:2.23.2-52.el7_5.1
  253. libuuid.x86_64 0:2.23.2-52.el7_5.1
  254. mariadb-libs.x86_64 1:5.5.60-1.el7_5
  255. qemu-guest-agent.x86_64 10:2.8.0-2.el7_5.1
  256. selinux-policy.noarch 0:3.13.1-192.el7_5.6
  257. selinux-policy-targeted.noarch 0:3.13.1-192.el7_5.6
  258. systemd.x86_64 0:219-57.el7_5.1
  259. systemd-libs.x86_64 0:219-57.el7_5.1
  260. systemd-sysv.x86_64 0:219-57.el7_5.1
  261. tuned.noarch 0:2.9.0-1.el7_5.2
  262. util-linux.x86_64 0:2.23.2-52.el7_5.1
  263.  
  264. Complete!
  265. [root@vm1 ~]# getenforce
  266. Enforcing
  267. [root@vm1 ~]# firewall-cmd --state
  268. running
  269. [root@vm1 ~]# reboot
  270. Using username "snikolov-putty".
  271. Authenticating with public key ""
  272. Last login: Mon Sep 10 07:35:42 2018 from 15.195.179.254
  273. [snikolov-putty@vm1 ~]$ sudo su -
  274. Last login: Mon Sep 10 07:36:37 UTC 2018 on pts/0
  275. [root@vm1 ~]# vim /etc/hosts
  276. [root@vm1 ~]# yum install httpd mod_wsgi
  277. Loaded plugins: fastestmirror
  278. Loading mirror speeds from cached hostfile
  279. * base: mirror.steadfastnet.com
  280. * epel: mirror.steadfastnet.com
  281. * extras: ftpmirror.your.org
  282. * updates: mirrors.liquidweb.com
  283. Resolving Dependencies
  284. --> Running transaction check
  285. ---> Package httpd.x86_64 0:2.4.6-80.el7.centos.1 will be installed
  286. --> Processing Dependency: httpd-tools = 2.4.6-80.el7.centos.1 for package: httpd-2.4.6-80.el7.centos.1.x86_64
  287. --> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-80.el7.centos.1.x86_64
  288. --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-80.el7.centos.1.x86_64
  289. --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-80.el7.centos.1.x86_64
  290. ---> Package mod_wsgi.x86_64 0:3.4-12.el7_0 will be installed
  291. --> Running transaction check
  292. ---> Package apr.x86_64 0:1.4.8-3.el7_4.1 will be installed
  293. ---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
  294. ---> Package httpd-tools.x86_64 0:2.4.6-80.el7.centos.1 will be installed
  295. ---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
  296. --> Finished Dependency Resolution
  297.  
  298. Dependencies Resolved
  299.  
  300. =============================================================================================================================================================
  301. Package Arch Version Repository Size
  302. =============================================================================================================================================================
  303. Installing:
  304. httpd x86_64 2.4.6-80.el7.centos.1 updates 2.7 M
  305. mod_wsgi x86_64 3.4-12.el7_0 base 76 k
  306. Installing for dependencies:
  307. apr x86_64 1.4.8-3.el7_4.1 base 103 k
  308. apr-util x86_64 1.5.2-6.el7 base 92 k
  309. httpd-tools x86_64 2.4.6-80.el7.centos.1 updates 90 k
  310. mailcap noarch 2.1.41-2.el7 base 31 k
  311.  
  312. Transaction Summary
  313. =============================================================================================================================================================
  314. Install 2 Packages (+4 Dependent packages)
  315.  
  316. Total download size: 3.1 M
  317. Installed size: 10 M
  318. Is this ok [y/d/N]: y
  319. Downloading packages:
  320. (1/6): httpd-tools-2.4.6-80.el7.centos.1.x86_64.rpm | 90 kB 00:00:00
  321. (2/6): apr-1.4.8-3.el7_4.1.x86_64.rpm | 103 kB 00:00:00
  322. (3/6): mailcap-2.1.41-2.el7.noarch.rpm | 31 kB 00:00:00
  323. (4/6): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:00:00
  324. (5/6): mod_wsgi-3.4-12.el7_0.x86_64.rpm | 76 kB 00:00:00
  325. (6/6): httpd-2.4.6-80.el7.centos.1.x86_64.rpm | 2.7 MB 00:00:00
  326. -------------------------------------------------------------------------------------------------------------------------------------------------------------
  327. Total 5.7 MB/s | 3.1 MB 00:00:00
  328. Running transaction check
  329. Running transaction test
  330. Transaction test succeeded
  331. Running transaction
  332. Installing : apr-1.4.8-3.el7_4.1.x86_64 1/6
  333. Installing : apr-util-1.5.2-6.el7.x86_64 2/6
  334. Installing : httpd-tools-2.4.6-80.el7.centos.1.x86_64 3/6
  335. Installing : mailcap-2.1.41-2.el7.noarch 4/6
  336. Installing : httpd-2.4.6-80.el7.centos.1.x86_64 5/6
  337. Installing : mod_wsgi-3.4-12.el7_0.x86_64 6/6
  338. Verifying : mod_wsgi-3.4-12.el7_0.x86_64 1/6
  339. Verifying : mailcap-2.1.41-2.el7.noarch 2/6
  340. Verifying : httpd-tools-2.4.6-80.el7.centos.1.x86_64 3/6
  341. Verifying : apr-util-1.5.2-6.el7.x86_64 4/6
  342. Verifying : httpd-2.4.6-80.el7.centos.1.x86_64 5/6
  343. Verifying : apr-1.4.8-3.el7_4.1.x86_64 6/6
  344.  
  345. Installed:
  346. httpd.x86_64 0:2.4.6-80.el7.centos.1 mod_wsgi.x86_64 0:3.4-12.el7_0
  347.  
  348. Dependency Installed:
  349. apr.x86_64 0:1.4.8-3.el7_4.1 apr-util.x86_64 0:1.5.2-6.el7 httpd-tools.x86_64 0:2.4.6-80.el7.centos.1 mailcap.noarch 0:2.1.41-2.el7
  350.  
  351. Complete!
  352. [root@vm1 ~]# firewall-cmd --permanent --add-service=http
  353. success
  354. [root@vm1 ~]# firewall-cmd --reload
  355. success
  356. [root@vm1 ~]# cat /etc/hosts
  357. 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
  358. ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
  359. 10.128.0.2 vm1.c.sixth-wave-179410.internal vm1 # Added by Google
  360. 169.254.169.254 metadata.google.internal # Added by Google
  361. [root@vm1 ~]# curl http://vm1.c.sixth-wave-179410.internal
  362. curl: (7) Failed connect to vm1.c.sixth-wave-179410.internal:80; Connection refused
  363. [root@vm1 ~]# curl http://vm1.c.sixth-wave-179410.internal
  364. curl: (7) Failed connect to vm1.c.sixth-wave-179410.internal:80; Connection refused
  365. [root@vm1 ~]# ip a s
  366. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
  367. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  368. inet 127.0.0.1/8 scope host lo
  369. valid_lft forever preferred_lft forever
  370. inet6 ::1/128 scope host
  371. valid_lft forever preferred_lft forever
  372. 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc pfifo_fast state UP group default qlen 1000
  373. link/ether 42:01:0a:80:00:02 brd ff:ff:ff:ff:ff:ff
  374. inet 10.128.0.2/32 brd 10.128.0.2 scope global noprefixroute dynamic eth0
  375. valid_lft 85694sec preferred_lft 85694sec
  376. inet6 fe80::4001:aff:fe80:2/64 scope link
  377. valid_lft forever preferred_lft forever
  378. [root@vm1 ~]# ping vm1.c.sixth-wave-179410.internal
  379. PING vm1.c.sixth-wave-179410.internal (10.128.0.2) 56(84) bytes of data.
  380. 64 bytes from vm1.c.sixth-wave-179410.internal (10.128.0.2): icmp_seq=1 ttl=64 time=0.046 ms
  381. 64 bytes from vm1.c.sixth-wave-179410.internal (10.128.0.2): icmp_seq=2 ttl=64 time=0.050 ms
  382. ^C
  383. --- vm1.c.sixth-wave-179410.internal ping statistics ---
  384. 2 packets transmitted, 2 received, 0% packet loss, time 999ms
  385. rtt min/avg/max/mdev = 0.046/0.048/0.050/0.002 ms
  386. [root@vm1 ~]# firewall-cmd --list-all
  387. trusted (active)
  388. target: ACCEPT
  389. icmp-block-inversion: no
  390. interfaces: eth0
  391. sources:
  392. services: http
  393. ports:
  394. protocols:
  395. masquerade: no
  396. forward-ports:
  397. source-ports:
  398. icmp-blocks:
  399. rich rules:
  400.  
  401. [root@vm1 ~]# systemctl enable --now httpd
  402. Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
  403. [root@vm1 ~]# curl http://vm1.c.sixth-wave-179410.internal
  404. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html><head>
  405. <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  406. <title>Apache HTTP Server Test Page powered by CentOS</title>
  407. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  408.  
  409. <!-- Bootstrap -->
  410. <link href="/noindex/css/bootstrap.min.css" rel="stylesheet">
  411. <link rel="stylesheet" href="noindex/css/open-sans.css" type="text/css" />
  412.  
  413. <style type="text/css"><!--
  414.  
  415. body {
  416. font-family: "Open Sans", Helvetica, sans-serif;
  417. font-weight: 100;
  418. color: #ccc;
  419. background: rgba(10, 24, 55, 1);
  420. font-size: 16px;
  421. }
  422.  
  423. h2, h3, h4 {
  424. font-weight: 200;
  425. }
  426.  
  427. h2 {
  428. font-size: 28px;
  429. }
  430.  
  431. .jumbotron {
  432. margin-bottom: 0;
  433. color: #333;
  434. background: rgb(212,212,221); /* Old browsers */
  435. background: radial-gradient(ellipse at center top, rgba(255,255,255,1) 0%,rgba(174,174,183,1) 100%); /* W3C */
  436. }
  437.  
  438. .jumbotron h1 {
  439. font-size: 128px;
  440. font-weight: 700;
  441. color: white;
  442. text-shadow: 0px 2px 0px #abc,
  443. 0px 4px 10px rgba(0,0,0,0.15),
  444. 0px 5px 2px rgba(0,0,0,0.1),
  445. 0px 6px 30px rgba(0,0,0,0.1);
  446. }
  447.  
  448. .jumbotron p {
  449. font-size: 28px;
  450. font-weight: 100;
  451. }
  452.  
  453. .main {
  454. background: white;
  455. color: #234;
  456. border-top: 1px solid rgba(0,0,0,0.12);
  457. padding-top: 30px;
  458. padding-bottom: 40px;
  459. }
  460.  
  461. .footer {
  462. border-top: 1px solid rgba(255,255,255,0.2);
  463. padding-top: 30px;
  464. }
  465.  
  466. --></style>
  467. </head>
  468. <body>
  469. <div class="jumbotron text-center">
  470. <div class="container">
  471. <h1>Testing 123..</h1>
  472. <p class="lead">This page is used to test the proper operation of the <a href="http://apache.org">Apache HTTP server</a> after it has been installed. If you can read this page it means that this site is working properly. This server is powered by <a href="http://centos.org">CentOS</a>.</p>
  473. </div>
  474. </div>
  475. <div class="main">
  476. <div class="container">
  477. <div class="row">
  478. <div class="col-sm-6">
  479. <h2>Just visiting?</h2>
  480. <p class="lead">The website you just visited is either experiencing problems or is undergoing routine maintenance.</p>
  481. <p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.</p>
  482. <p>For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".</p>
  483. </div>
  484. <div class="col-sm-6">
  485. <h2>Are you the Administrator?</h2>
  486. <p>You should add your website content to the directory <tt>/var/www/html/</tt>.</p>
  487. <p>To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>
  488.  
  489. <h2>Promoting Apache and CentOS</h2>
  490. <p>You are free to use the images below on Apache and CentOS Linux powered HTTP servers. Thanks for using Apache and CentOS!</p>
  491. <p><a href="http://httpd.apache.org/"><img src="images/apache_pb.gif" alt="[ Powered by Apache ]"></a> <a href="http://www.centos.org/"><img src="images/poweredby.png" alt="[ Powered by CentOS Linux ]" height="31" width="88"></a></p>
  492. </div>
  493. </div>
  494. </div>
  495. </div>
  496. </div>
  497. <div class="footer">
  498. <div class="container">
  499. <div class="row">
  500. <div class="col-sm-6">
  501. <h2>Important note:</h2>
  502. <p class="lead">The CentOS Project has nothing to do with this website or its content,
  503. it just provides the software that makes the website run.</p>
  504.  
  505. <p>If you have issues with the content of this site, contact the owner of the domain, not the CentOS project.
  506. Unless you intended to visit CentOS.org, the CentOS Project does not have anything to do with this website,
  507. the content or the lack of it.</p>
  508. <p>For example, if this website is www.example.com, you would find the owner of the example.com domain at the following WHOIS server:</p>
  509. <p><a href="http://www.internic.net/whois.html">http://www.internic.net/whois.html</a></p>
  510. </div>
  511. <div class="col-sm-6">
  512. <h2>The CentOS Project</h2>
  513. <p>The CentOS Linux distribution is a stable, predictable, manageable and reproduceable platform derived from
  514. the sources of Red Hat Enterprise Linux (RHEL).<p>
  515.  
  516. <p>Additionally to being a popular choice for web hosting, CentOS also provides a rich platform for open source communities to build upon. For more information
  517. please visit the <a href="http://www.centos.org/">CentOS website</a>.</p>
  518. </div>
  519. </div>
  520. </div>
  521. </div>
  522. </div>
  523. </body></html>
  524. [root@vm1 ~]#
  525. [root@vm1 ~]# vim /var/www/html/index.html
  526. [root@vm1 ~]# curl http://vm1.c.sixth-wave-179410.internal
  527. You are not supposed to see this.
  528. Please contact admin@example5.com
  529. [root@vm1 ~]# mkdir /srv/myapp
  530. [root@vm1 ~]# setenforce 0
  531. [root@vm1 ~]# vim /srv/myapp/myapp.py
  532. [root@vm1 ~]# chown apache:apache /srv/myapp/myapp.py
  533. \[root@vm1 ~]# chmod 750 /srv/myapp/myapp.py
  534. [root@vm1 ~]# sudo -u apache python /srv/myapp/myapp.py
  535. Traceback (most recent call last):
  536. File "/srv/myapp/myapp.py", line 1, in <module>
  537. from eventlet import wsgi
  538. ImportError: No module named eventlet
  539. [root@vm1 ~]# vim /srv/myapp/myapp.py
  540. [root@vm1 ~]# sudo -u apache python /srv/myapp/myapp.py
  541. [root@vm1 ~]# python /srv/myapp/myapp.py
  542. [root@vm1 ~]# vim /srv/myapp/myapp.py
  543. [root@vm1 ~]# python /srv/myapp/myapp.py
  544. [root@vm1 ~]# /srv/myapp/myapp.py
  545. /srv/myapp/myapp.py: line 1: syntax error near unexpected token `('
  546. /srv/myapp/myapp.py: line 1: `def application(environ, start_response):'
  547. [root@vm1 ~]# cd /etc/httpd/
  548. conf/ conf.d/ conf.modules.d/ logs/ modules/ run/
  549. [root@vm1 ~]# cd /etc/httpd/conf.d/
  550. [root@vm1 conf.d]# vim virtual1.conf
  551. [root@vm1 conf.d]# vim virtual1.conf
  552. [root@vm1 conf.d]# vim virtual1.conf
  553. [root@vm1 conf.d]# vim virtual1.conf
  554. [root@vm1 conf.d]# apachectl configtest
  555. Syntax OK
  556. [root@vm1 conf.d]# systemctl restart httpd
  557. [root@vm1 conf.d]# curl http://vm1.c.sixth-wave-179410.internal
  558. You are not supposed to see this.
  559. Please contact admin@example5.com
  560. [root@vm1 conf.d]# curl http://vm1.c.sixth-wave-179410.internal/myapp/
  561. Hello World![root@vm1 conf.d]# yum install setroubleshoot-server
  562. Loaded plugins: fastestmirror
  563. Loading mirror speeds from cached hostfile
  564. * base: mirror.steadfastnet.com
  565. * epel: mirror.steadfastnet.com
  566. * extras: ftpmirror.your.org
  567. * updates: mirrors.liquidweb.com
  568. Resolving Dependencies
  569. --> Running transaction check
  570. ---> Package setroubleshoot-server.x86_64 0:3.2.29-3.el7 will be installed
  571. --> Processing Dependency: systemd-python >= 206-1 for package: setroubleshoot-server-3.2.29-3.el7.x86_64
  572. --> Processing Dependency: setroubleshoot-plugins >= 3.0.62 for package: setroubleshoot-server-3.2.29-3.el7.x86_64
  573. --> Processing Dependency: pygobject2 for package: setroubleshoot-server-3.2.29-3.el7.x86_64
  574. --> Processing Dependency: libxml2-python for package: setroubleshoot-server-3.2.29-3.el7.x86_64
  575. --> Running transaction check
  576. ---> Package libxml2-python.x86_64 0:2.9.1-6.el7_2.3 will be installed
  577. ---> Package pygobject2.x86_64 0:2.28.6-11.el7 will be installed
  578. ---> Package setroubleshoot-plugins.noarch 0:3.0.66-2.1.el7 will be installed
  579. ---> Package systemd-python.x86_64 0:219-57.el7_5.1 will be installed
  580. --> Finished Dependency Resolution
  581.  
  582. Dependencies Resolved
  583.  
  584. =============================================================================================================================================================
  585. Package Arch Version Repository Size
  586. =============================================================================================================================================================
  587. Installing:
  588. setroubleshoot-server x86_64 3.2.29-3.el7 base 388 k
  589. Installing for dependencies:
  590. libxml2-python x86_64 2.9.1-6.el7_2.3 base 247 k
  591. pygobject2 x86_64 2.28.6-11.el7 base 226 k
  592. setroubleshoot-plugins noarch 3.0.66-2.1.el7 base 345 k
  593. systemd-python x86_64 219-57.el7_5.1 updates 128 k
  594.  
  595. Transaction Summary
  596. =============================================================================================================================================================
  597. Install 1 Package (+4 Dependent packages)
  598.  
  599. Total download size: 1.3 M
  600. Installed size: 6.3 M
  601. Is this ok [y/d/N]: y
  602. Downloading packages:
  603. (1/5): libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm | 247 kB 00:00:00
  604. (2/5): pygobject2-2.28.6-11.el7.x86_64.rpm | 226 kB 00:00:00
  605. (3/5): setroubleshoot-plugins-3.0.66-2.1.el7.noarch.rpm | 345 kB 00:00:00
  606. (4/5): setroubleshoot-server-3.2.29-3.el7.x86_64.rpm | 388 kB 00:00:00
  607. (5/5): systemd-python-219-57.el7_5.1.x86_64.rpm | 128 kB 00:00:00
  608. -------------------------------------------------------------------------------------------------------------------------------------------------------------
  609. Total 2.7 MB/s | 1.3 MB 00:00:00
  610. Running transaction check
  611. Running transaction test
  612. Transaction test succeeded
  613. Running transaction
  614. Installing : systemd-python-219-57.el7_5.1.x86_64 1/5
  615. Installing : libxml2-python-2.9.1-6.el7_2.3.x86_64 2/5
  616. Installing : pygobject2-2.28.6-11.el7.x86_64 3/5
  617. Installing : setroubleshoot-server-3.2.29-3.el7.x86_64 4/5
  618. Installing : setroubleshoot-plugins-3.0.66-2.1.el7.noarch 5/5
  619. Verifying : setroubleshoot-plugins-3.0.66-2.1.el7.noarch 1/5
  620. Verifying : setroubleshoot-server-3.2.29-3.el7.x86_64 2/5
  621. Verifying : pygobject2-2.28.6-11.el7.x86_64 3/5
  622. Verifying : libxml2-python-2.9.1-6.el7_2.3.x86_64 4/5
  623. Verifying : systemd-python-219-57.el7_5.1.x86_64 5/5
  624.  
  625. Installed:
  626. setroubleshoot-server.x86_64 0:3.2.29-3.el7
  627.  
  628. Dependency Installed:
  629. libxml2-python.x86_64 0:2.9.1-6.el7_2.3 pygobject2.x86_64 0:2.28.6-11.el7 setroubleshoot-plugins.noarch 0:3.0.66-2.1.el7
  630. systemd-python.x86_64 0:219-57.el7_5.1
  631.  
  632. Complete!
  633. [root@vm1 conf.d]# sealert -a /var/log/audit/audit.log
  634. 100% done
  635. found 2 alerts in /var/log/audit/audit.log
  636. --------------------------------------------------------------------------------
  637.  
  638. SELinux is preventing /usr/sbin/httpd from getattr access on the file /srv/myapp/myapp.py.
  639.  
  640. ***** Plugin catchall_labels (83.8 confidence) suggests *******************
  641.  
  642. If you want to allow httpd to have getattr access on the myapp.py file
  643. Then you need to change the label on /srv/myapp/myapp.py
  644. Do
  645. # semanage fcontext -a -t FILE_TYPE '/srv/myapp/myapp.py'
  646. where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_log_t, NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_exec_t, abrt_handle_event_exec_t, abrt_helper_exec_t, abrt_retrace_coredump_exec_t, abrt_retrace_spool_t, abrt_retrace_worker_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_log_t, abrt_var_run_t, accountsd_exec_t, acct_data_t, acct_exec_t, admin_crontab_tmp_t, admin_passwd_exec_t, afs_logfile_t, aide_exec_t, aide_log_t, alsa_exec_t, alsa_tmp_t, amanda_exec_t, amanda_log_t, amanda_recover_exec_t, amanda_tmp_t, amtu_exec_t, anacron_exec_t, anon_inodefs_t, antivirus_exec_t, antivirus_log_t, antivirus_tmp_t, apcupsd_cgi_content_t, apcupsd_cgi_htaccess_t, apcupsd_cgi_ra_content_t, apcupsd_cgi_rw_content_t, apcupsd_cgi_script_exec_t, apcupsd_log_t, apcupsd_tmp_t, apm_exec_t, apmd_log_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_log_t, asterisk_tmp_t, audisp_exec_t, auditadm_sudo_tmp_t, auditctl_exec_t, auth_cache_t, authconfig_exec_t, automount_tmp_t, avahi_exec_t, awstats_content_t, awstats_htaccess_t, awstats_ra_content_t, awstats_rw_content_t, awstats_script_exec_t, awstats_tmp_t, bacula_admin_exec_t, bacula_log_t, bacula_tmp_t, bacula_unconfined_script_exec_t, bin_t, bitlbee_log_t, bitlbee_tmp_t, blueman_exec_t, bluetooth_helper_exec_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_tmp_t, boinc_log_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_exec_t, bootloader_tmp_t, brctl_exec_t, brltty_log_t, bugzilla_content_t, bugzilla_htaccess_t, bugzilla_ra_content_t, bugzilla_rw_content_t, bugzilla_script_exec_t, bugzilla_tmp_t, calamaris_exec_t, calamaris_log_t, calamaris_www_t, callweaver_log_t, canna_log_t, cardctl_exec_t, cardmgr_dev_t, ccs_tmp_t, ccs_var_lib_t, ccs_var_log_t, cdcc_exec_t, cdcc_tmp_t, cdrecord_exec_t, cert_t, certmaster_var_log_t, certmonger_unconfined_exec_t, certwatch_exec_t, cfengine_log_t, cgred_log_t, checkpc_exec_t, checkpc_log_t, checkpolicy_exec_t, chfn_exec_t, chkpwd_exec_t, chrome_sandbox_exec_t, chrome_sandbox_nacl_exec_t, chrome_sandbox_tmp_t, chronyc_exec_t, chronyd_var_log_t, cinder_api_tmp_t, cinder_backup_tmp_t, cinder_log_t, cinder_scheduler_tmp_t, cinder_volume_tmp_t, cloud_init_tmp_t, cloud_log_t, cluster_conf_t, cluster_tmp_t, cluster_var_lib_t, cluster_var_log_t, cluster_var_run_t, cobbler_etc_t, cobbler_tmp_t, cobbler_var_lib_t, cobbler_var_log_t, cockpit_tmp_t, collectd_content_t, collectd_htaccess_t, collectd_ra_content_t, collectd_rw_content_t, collectd_script_exec_t, collectd_script_tmp_t, colord_exec_t, colord_tmp_t, comsat_tmp_t, condor_log_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, conman_log_t, conman_tmp_t, conman_unconfined_script_exec_t, consolehelper_exec_t, consolekit_exec_t, consolekit_log_t, container_log_t, container_runtime_tmp_t, couchdb_log_t, couchdb_tmp_t, courier_exec_t, cpu_online_t, cpucontrol_exec_t, cpufreqselector_exec_t, cpuspeed_exec_t, crack_exec_t, crack_tmp_t, cron_log_t, crond_tmp_t, crontab_exec_t, crontab_tmp_t, ctdbd_log_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_config_exec_t, cupsd_log_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_content_t, cvs_data_t, cvs_exec_t, cvs_htaccess_t, cvs_ra_content_t, cvs_rw_content_t, cvs_script_exec_t, cvs_tmp_t, cyphesis_exec_t, cyphesis_log_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dbusd_etc_t, dbusd_exec_t, dcc_client_exec_t, dcc_client_tmp_t, dcc_dbclean_exec_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_log_t, ddclient_tmp_t, debuginfo_exec_t, deltacloudd_log_t, deltacloudd_tmp_t, denyhosts_var_log_t, depmod_exec_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, devicekit_tmp_t, devicekit_var_log_t, dhcpc_exec_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_config_t, dirsrv_share_t, dirsrv_snmp_var_log_t, dirsrv_tmp_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_content_t, dirsrvadmin_htaccess_t, dirsrvadmin_ra_content_t, dirsrvadmin_rw_content_t, dirsrvadmin_script_exec_t, dirsrvadmin_tmp_t, dirsrvadmin_unconfined_script_exec_t, disk_munin_plugin_exec_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, dlm_controld_var_log_t, dmesg_exec_t, dmidecode_exec_t, dnsmasq_var_log_t, dnssec_trigger_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, dovecot_var_log_t, drbd_tmp_t, dspam_content_t, dspam_htaccess_t, dspam_log_t, dspam_ra_content_t, dspam_rw_content_t, dspam_script_exec_t, etc_runtime_t, etc_t, evtchnd_var_log_t, exim_exec_t, exim_log_t, exim_tmp_t, fail2ban_client_exec_t, fail2ban_log_t, fail2ban_tmp_t, fail2ban_var_lib_t, faillog_t, fenced_tmp_t, fenced_var_log_t, fetchmail_exec_t, fetchmail_log_t, file_context_t, fingerd_log_t, firewalld_exec_t, firewalld_tmp_t, firewalld_var_log_t, firewallgui_exec_t, firewallgui_tmp_t, firstboot_exec_t, foghorn_var_log_t, fonts_cache_t, fonts_t, fprintd_exec_t, freqset_exec_t, fsadm_exec_t, fsadm_log_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_exec_t, ftpdctl_tmp_t, games_exec_t, games_tmp_t, games_tmpfs_t, ganesha_tmp_t, ganesha_var_log_t, gconf_tmp_t, gconfd_exec_t, gconfdefaultsm_exec_t, geoclue_exec_t, geoclue_tmp_t, getty_exec_t, getty_log_t, getty_tmp_t, gfs_controld_var_log_t, git_content_t, git_htaccess_t, git_ra_content_t, git_rw_content_t, git_script_exec_t, git_script_tmp_t, git_sys_content_t, gitd_exec_t, gitosis_exec_t, gitosis_var_lib_t, gkeyringd_exec_t, gkeyringd_tmp_t, glance_log_t, glance_registry_tmp_t, glance_tmp_t, glusterd_log_t, glusterd_tmp_t, gnomesystemmm_exec_t, gpg_agent_exec_t, gpg_agent_tmp_t, gpg_exec_t, gpg_helper_exec_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_tmp_t, gpsd_exec_t, groupadd_exec_t, groupd_var_log_t, gssd_tmp_t, haproxy_var_log_t, hostname_etc_t, hostname_exec_t, hsqldb_tmp_t, httpd_cache_t, httpd_config_t, httpd_exec_t, httpd_helper_exec_t, httpd_keytab_t, httpd_lock_t, httpd_log_t, httpd_modules_t, httpd_passwd_exec_t, httpd_php_exec_t, httpd_php_tmp_t, httpd_rotatelogs_exec_t, httpd_squirrelmail_t, httpd_suexec_exec_t, httpd_suexec_tmp_t, httpd_sys_content_t, httpd_sys_htaccess_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, httpd_sys_script_exec_t, httpd_tmp_t, httpd_tmpfs_t, httpd_unconfined_script_exec_t, httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t, httpd_var_lib_t, httpd_var_run_t, hugetlbfs_t, hwclock_exec_t, hwloc_dhwd_exec_t, iceauth_exec_t, icecast_exec_t, icecast_log_t, ifconfig_exec_t, inetd_child_tmp_t, inetd_log_t, inetd_tmp_t, init_tmp_t, initrc_tmp_t, initrc_var_log_t, innd_log_t, insmod_exec_t, install_exec_t, iotop_exec_t, ipa_cert_t, ipa_helper_exec_t, ipa_log_t, ipa_tmp_t, ipa_var_lib_t, ipa_var_run_t, ipsec_log_t, ipsec_mgmt_exec_t, ipsec_tmp_t, iptables_exec_t, iptables_tmp_t, irc_exec_t, irssi_exec_t, iscsi_log_t, iscsi_tmp_t, iso9660_t, iwhd_log_t, jetty_cache_t, jetty_log_t, jetty_var_lib_t, jetty_var_run_t, jockey_exec_t, jockey_var_log_t, journalctl_exec_t, kadmind_log_t, kadmind_tmp_t, kdump_exec_t, kdumpctl_tmp_t, kdumpgui_exec_t, kdumpgui_tmp_t, keepalived_unconfined_script_exec_t, keystone_cgi_content_t, keystone_cgi_htaccess_t, keystone_cgi_ra_content_t, keystone_cgi_rw_content_t, keystone_cgi_script_exec_t, keystone_log_t, keystone_tmp_t, kismet_exec_t, kismet_log_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, krb5_conf_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_conf_t, krb5kdc_log_t, krb5kdc_tmp_t, ksmtuned_log_t, ktalkd_log_t, ktalkd_tmp_t, l2tpd_tmp_t, lastlog_t, ld_so_cache_t, ld_so_t, ldconfig_exec_t, ldconfig_tmp_t, lib_t, livecd_exec_t, livecd_tmp_t, load_policy_exec_t, loadkeys_exec_t, locale_t, locate_exec_t, lockdev_exec_t, login_exec_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_exec_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_exec_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_exec_t, lsmd_plugin_tmp_t, lvm_exec_t, lvm_tmp_t, machineid_t, mail_munin_plugin_exec_t, mail_munin_plugin_tmp_t, mailman_archive_t, mailman_cgi_exec_t, mailman_cgi_tmp_t, mailman_data_t, mailman_log_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man2html_content_t, man2html_htaccess_t, man2html_ra_content_t, man2html_rw_content_t, man2html_script_exec_t, man_cache_t, man_t, mandb_cache_t, mcelog_exec_t, mcelog_log_t, mdadm_log_t, mdadm_tmp_t, mediawiki_content_t, mediawiki_htaccess_t, mediawiki_ra_content_t, mediawiki_rw_content_t, mediawiki_script_exec_t, mediawiki_tmp_t, mencoder_exec_t, minidlna_log_t, mirrormanager_exec_t, mirrormanager_log_t, mirrormanager_var_lib_t, mirrormanager_var_run_t, mock_build_exec_t, mock_exec_t, mock_tmp_t, modemmanager_exec_t, mojomojo_content_t, mojomojo_htaccess_t, mojomojo_ra_content_t, mojomojo_rw_content_t, mojomojo_script_exec_t, mojomojo_tmp_t, mongod_log_t, mongod_tmp_t, motion_log_t, mount_ecryptfs_exec_t, mount_exec_t, mount_tmp_t, mozilla_exec_t, mozilla_plugin_config_exec_t, mozilla_plugin_exec_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_tmp_t, mozilla_tmpfs_t, mpd_exec_t, mpd_log_t, mpd_tmp_t, mplayer_exec_t, mplayer_tmpfs_t, mrtg_exec_t, mrtg_log_t, mscan_tmp_t, munin_content_t, munin_etc_t, munin_htaccess_t, munin_log_t, munin_ra_content_t, munin_rw_content_t, munin_script_exec_t, munin_script_tmp_t, munin_tmp_t, mysqld_etc_t, mysqld_log_t, mysqld_tmp_t, mythtv_content_t, mythtv_htaccess_t, mythtv_ra_content_t, mythtv_rw_content_t, mythtv_script_exec_t, mythtv_var_log_t, nagios_admin_plugin_exec_t, nagios_checkdisk_plugin_exec_t, nagios_content_t, nagios_etc_t, nagios_eventhandler_plugin_exec_t, nagios_eventhandler_plugin_tmp_t, nagios_htaccess_t, nagios_log_t, nagios_mail_plugin_exec_t, nagios_openshift_plugin_exec_t, nagios_openshift_plugin_tmp_t, nagios_ra_content_t, nagios_rw_content_t, nagios_script_exec_t, nagios_services_plugin_exec_t, nagios_system_plugin_exec_t, nagios_system_plugin_tmp_t, nagios_tmp_t, nagios_unconfined_plugin_exec_t, nagios_var_lib_t, named_checkconf_exec_t, named_exec_t, named_log_t, named_tmp_t, namespace_init_exec_t, ncftool_exec_t, ndc_exec_t, net_conf_t, netlabel_mgmt_exec_t, netutils_exec_t, netutils_tmp_t, neutron_log_t, neutron_tmp_t, newrole_exec_t, nova_log_t, nova_tmp_t, nscd_log_t, nsd_log_t, nsd_tmp_t, ntop_tmp_t, ntpd_log_t, ntpd_tmp_t, ntpdate_exec_t, numad_var_log_t, nut_upsd_tmp_t, nut_upsdrvctl_tmp_t, nut_upsmon_tmp_t, nutups_cgi_content_t, nutups_cgi_htaccess_t, nutups_cgi_ra_content_t, nutups_cgi_rw_content_t, nutups_cgi_script_exec_t, nx_server_tmp_t, obex_exec_t, oddjob_mkhomedir_exec_t, opendnssec_tmp_t, openhpid_log_t, openshift_cgroup_read_exec_t, openshift_cgroup_read_tmp_t, openshift_content_t, openshift_cron_tmp_t, openshift_htaccess_t, openshift_initrc_tmp_t, openshift_log_t, openshift_net_read_exec_t, openshift_ra_content_t, openshift_rw_content_t, openshift_script_exec_t, openshift_tmp_t, openshift_var_lib_t, opensm_log_t, openvpn_status_t, openvpn_tmp_t, openvpn_var_log_t, openvswitch_log_t, openvswitch_tmp_t, openwsman_log_t, openwsman_tmp_t, oracleasm_tmp_t, osad_log_t, pads_exec_t, pam_console_exec_t, pam_timestamp_tmp_t, passenger_exec_t, passenger_log_t, passenger_tmp_t, passenger_var_lib_t, passenger_var_run_t, passwd_exec_t, passwd_file_t, pcp_log_t, pcp_tmp_t, pcscd_var_run_t, pegasus_openlmi_storage_tmp_t, pegasus_tmp_t, pinentry_exec_t, ping_exec_t, piranha_log_t, piranha_web_tmp_t, pkcs_slotd_log_t, pkcs_slotd_tmp_t, pki_ra_etc_rw_t, pki_ra_log_t, pki_ra_var_lib_t, pki_ra_var_run_t, pki_tomcat_cert_t, pki_tomcat_log_t, pki_tomcat_tmp_t, pki_tps_etc_rw_t, pki_tps_log_t, pki_tps_var_lib_t, pki_tps_var_run_t, plymouth_exec_t, plymouthd_var_log_t, podsleuth_exec_t, podsleuth_tmp_t, podsleuth_tmpfs_t, policykit_auth_exec_t, policykit_exec_t, policykit_grant_exec_t, policykit_resolve_exec_t, policykit_tmp_t, polipo_exec_t, polipo_log_t, portmap_helper_exec_t, portmap_tmp_t, postfix_bounce_tmp_t, postfix_cleanup_tmp_t, postfix_exec_t, postfix_local_tmp_t, postfix_map_exec_t, postfix_map_tmp_t, postfix_pickup_tmp_t, postfix_pipe_tmp_t, postfix_postdrop_exec_t, postfix_postdrop_t, postfix_postqueue_exec_t, postfix_qmgr_tmp_t, postfix_showq_exec_t, postfix_smtp_tmp_t, postfix_smtpd_tmp_t, postfix_virtual_tmp_t, postgresql_log_t, postgresql_tmp_t, pppd_exec_t, pppd_log_t, pppd_tmp_t, pptp_log_t, prelink_exec_t, prelink_log_t, prelink_tmp_t, prelude_lml_tmp_t, prelude_log_t, preupgrade_data_t, preupgrade_exec_t, prewikka_content_t, prewikka_htaccess_t, prewikka_ra_content_t, prewikka_rw_content_t, prewikka_script_exec_t, privoxy_log_t, proc_t, procmail_exec_t, procmail_log_t, procmail_tmp_t, prosody_log_t, prosody_tmp_t, psad_tmp_t, psad_var_log_t, ptchown_exec_t, public_content_rw_t, public_content_t, pulseaudio_exec_t, pulseaudio_tmpfs_t, puppet_log_t, puppet_tmp_t, puppet_var_lib_t, puppetca_exec_t, puppetmaster_tmp_t, pwauth_exec_t, pyicqt_log_t, qdiskd_var_log_t, qemu_exec_t, qmail_tcp_env_exec_t, qpidd_tmp_t, quota_exec_t, rabbitmq_var_log_t, racoon_tmp_t, radiusd_log_t, readahead_exec_t, realmd_exec_t, realmd_tmp_t, realmd_var_lib_t, redis_log_t, rhev_agentd_log_t, rhev_agentd_tmp_t, rhsmcertd_exec_t, rhsmcertd_log_t, rhsmcertd_tmp_t, ricci_modcluster_var_log_t, ricci_tmp_t, ricci_var_log_t, rkhunter_var_lib_t, rlogind_tmp_t, rpcbind_tmp_t, rpm_exec_t, rpm_log_t, rpm_script_tmp_t, rpm_tmp_t, rssh_chroot_helper_exec_t, rssh_exec_t, rsync_exec_t, rsync_log_t, rsync_tmp_t, rtas_errd_log_t, rtas_errd_tmp_t, rtkit_daemon_exec_t, run_init_exec_t, samba_etc_t, samba_log_t, samba_net_exec_t, samba_net_tmp_t, samba_var_t, sambagui_exec_t, sanlock_log_t, sbd_tmpfs_t, sblim_tmp_t, screen_exec_t, secadm_sudo_tmp_t, sectool_tmp_t, sectool_var_log_t, sectoolm_exec_t, security_t, selinux_munin_plugin_exec_t, selinux_munin_plugin_tmp_t, semanage_exec_t, semanage_tmp_t, sendmail_exec_t, sendmail_log_t, sendmail_tmp_t, sensord_log_t, services_munin_plugin_exec_t, services_munin_plugin_tmp_t, session_dbusd_tmp_t, setfiles_exec_t, setkey_exec_t, setroubleshoot_fixit_exec_t, setroubleshoot_var_log_t, setroubleshootd_exec_t, setsebool_exec_t, seunshare_exec_t, sge_job_exec_t, sge_shepherd_exec_t, sge_tmp_t, shell_exec_t, shorewall_log_t, shorewall_tmp_t, showmount_exec_t, slapd_cert_t, slapd_log_t, slapd_tmp_t, slpd_log_t, smbcontrol_exec_t, smbd_tmp_t, smokeping_cgi_content_t, smokeping_cgi_htaccess_t, smokeping_cgi_ra_content_t, smokeping_cgi_rw_content_t, smokeping_cgi_script_exec_t, smokeping_var_lib_t, smokeping_var_run_t, smoltclient_exec_t, smoltclient_tmp_t, smsd_log_t, smsd_tmp_t, snapperd_exec_t, snapperd_log_t, snmpd_log_t, snort_log_t, snort_tmp_t, sosreport_exec_t, sosreport_tmp_t, soundd_tmp_t, spamc_exec_t, spamc_tmp_t, spamd_log_t, spamd_tmp_t, spamd_update_exec_t, speech-dispatcher_exec_t, speech-dispatcher_log_t, speech-dispatcher_tmp_t, squid_content_t, squid_cron_exec_t, squid_htaccess_t, squid_log_t, squid_ra_content_t, squid_rw_content_t, squid_script_exec_t, squid_tmp_t, squirrelmail_spool_t, src_t, ssh_agent_exec_t, ssh_agent_tmp_t, ssh_exec_t, ssh_keygen_exec_t, ssh_keygen_tmp_t, ssh_keysign_exec_t, ssh_tmpfs_t, sssd_public_t, sssd_selinux_manager_exec_t, sssd_var_lib_t, sssd_var_log_t, staff_sudo_tmp_t, stapserver_log_t, stapserver_tmp_t, stunnel_log_t, stunnel_tmp_t, su_exec_t, sudo_exec_t, sulogin_exec_t, svc_multilog_exec_t, svc_run_exec_t, svc_start_exec_t, svirt_tmp_t, svnserve_log_t, svnserve_tmp_t, swat_tmp_t, swift_tmp_t, sysadm_passwd_tmp_t, sysadm_sudo_tmp_t, sysfs_t, syslogd_tmp_t, sysstat_exec_t, sysstat_log_t, system_conf_t, system_cronjob_tmp_t, system_db_t, system_dbusd_tmp_t, system_dbusd_var_lib_t, system_mail_tmp_t, system_munin_plugin_exec_t, system_munin_plugin_tmp_t, systemd_passwd_var_run_t, targetd_tmp_t, tcpd_tmp_t, telepathy_gabble_exec_t, telepathy_gabble_tmp_t, telepathy_idle_exec_t, telepathy_idle_tmp_t, telepathy_logger_exec_t, telepathy_logger_tmp_t, telepathy_mission_control_exec_t, telepathy_mission_control_tmp_t, telepathy_msn_exec_t, telepathy_msn_tmp_t, telepathy_salut_exec_t, telepathy_salut_tmp_t, telepathy_sofiasip_exec_t, telepathy_sofiasip_tmp_t, telepathy_stream_engine_exec_t, telepathy_stream_engine_tmp_t, telepathy_sunshine_exec_t, telepathy_sunshine_tmp_t, telnetd_tmp_t, tetex_data_t, textrel_shlib_t, tgtd_tmp_t, thin_aeolus_configserver_log_t, thin_log_t, thumb_exec_t, thumb_tmp_t, tmp_t, tmpreaper_exec_t, tomcat_log_t, tomcat_tmp_t, tor_var_log_t, traceroute_exec_t, tuned_log_t, tuned_tmp_t, tvtime_exec_t, tvtime_tmp_t, tvtime_tmpfs_t, udev_tmp_t, udev_var_run_t, ulogd_var_log_t, uml_exec_t, uml_tmp_t, uml_tmpfs_t, unconfined_exec_t, unconfined_munin_plugin_exec_t, unconfined_munin_plugin_tmp_t, update_modules_exec_t, update_modules_tmp_t, updfstab_exec_t, usbmodules_exec_t, usbmuxd_exec_t, user_cron_spool_t, user_fonts_t, user_home_t, user_mail_tmp_t, user_tmp_t, useradd_exec_t, userhelper_exec_t, usernetctl_exec_t, usr_t, utempter_exec_t, uucpd_log_t, uucpd_tmp_t, uux_exec_t, var_lib_t, var_log_t, var_spool_t, varnishd_tmp_t, varnishlog_log_t, vdagent_log_t, virsh_exec_t, virt_log_t, virt_qemu_ga_log_t, virt_qemu_ga_tmp_t, virt_qemu_ga_unconfined_exec_t, virt_tmp_t, virtd_lxc_exec_t, vlock_exec_t, vmtools_helper_exec_t, vmtools_tmp_t, vmware_exec_t, vmware_host_tmp_t, vmware_log_t, vmware_tmp_t, vmware_tmpfs_t, vnstat_exec_t, vpnc_exec_t, vpnc_tmp_t, w3c_validator_content_t, w3c_validator_htaccess_t, w3c_validator_ra_content_t, w3c_validator_rw_content_t, w3c_validator_script_exec_t, w3c_validator_tmp_t, watchdog_log_t, watchdog_unconfined_exec_t, webadm_tmp_t, webalizer_content_t, webalizer_exec_t, webalizer_htaccess_t, webalizer_ra_content_t, webalizer_rw_content_t, webalizer_script_exec_t, webalizer_tmp_t, winbind_log_t, wine_exec_t, wireshark_exec_t, wireshark_tmp_t, wireshark_tmpfs_t, wpa_cli_exec_t, wtmp_t, xauth_exec_t, xauth_tmp_t, xdm_exec_t, xdm_log_t, xdm_unconfined_exec_t, xend_tmp_t, xend_var_log_t, xenstored_tmp_t, xenstored_var_log_t, xferlog_t, xserver_exec_t, xserver_log_t, xserver_tmpfs_t, ypbind_tmp_t, ypserv_tmp_t, zabbix_log_t, zabbix_script_exec_t, zabbix_tmp_t, zarafa_deliver_log_t, zarafa_deliver_tmp_t, zarafa_gateway_log_t, zarafa_ical_log_t, zarafa_indexer_log_t, zarafa_indexer_tmp_t, zarafa_monitor_log_t, zarafa_server_log_t, zarafa_server_tmp_t, zarafa_spooler_log_t, zarafa_var_lib_t, zebra_log_t, zebra_tmp_t, zoneminder_content_t, zoneminder_exec_t, zoneminder_htaccess_t, zoneminder_log_t, zoneminder_ra_content_t, zoneminder_rw_content_t, zoneminder_script_exec_t, zoneminder_var_lib_t, zos_remote_exec_t.
  647. Then execute:
  648. restorecon -v '/srv/myapp/myapp.py'
  649.  
  650.  
  651. ***** Plugin catchall (17.1 confidence) suggests **************************
  652.  
  653. If you believe that httpd should be allowed getattr access on the myapp.py file by default.
  654. Then you should report this as a bug.
  655. You can generate a local policy module to allow this access.
  656. Do
  657. allow this access for now by executing:
  658. # ausearch -c 'httpd' --raw | audit2allow -M my-httpd
  659. # semodule -i my-httpd.pp
  660.  
  661.  
  662. Additional Information:
  663. Source Context system_u:system_r:httpd_t:s0
  664. Target Context unconfined_u:object_r:var_t:s0
  665. Target Objects /srv/myapp/myapp.py [ file ]
  666. Source httpd
  667. Source Path /usr/sbin/httpd
  668. Port <Unknown>
  669. Host <Unknown>
  670. Source RPM Packages httpd-2.4.6-80.el7.centos.1.x86_64
  671. Target RPM Packages
  672. Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch
  673. Selinux Enabled True
  674. Policy Type targeted
  675. Enforcing Mode Permissive
  676. Host Name vm1
  677. Platform Linux vm1 3.10.0-862.11.6.el7.x86_64 #1 SMP Tue
  678. Aug 14 21:49:04 UTC 2018 x86_64 x86_64
  679. Alert Count 1
  680. First Seen 2018-09-10 08:09:45 UTC
  681. Last Seen 2018-09-10 08:09:45 UTC
  682. Local ID e3e4a55c-db1b-43d7-a369-ee788ac5fcdf
  683.  
  684. Raw Audit Messages
  685. type=AVC msg=audit(1536566985.960:291): avc: denied { getattr } for pid=1524 comm="httpd" path="/srv/myapp/myapp.py" dev="sda1" ino=25292922 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
  686.  
  687.  
  688. type=SYSCALL msg=audit(1536566985.960:291): arch=x86_64 syscall=stat success=yes exit=0 a0=557e0ed7fef8 a1=7ffc55ea7880 a2=7ffc55ea7880 a3=7f66c38c4712 items=0 ppid=1521 pid=1524 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
  689.  
  690. Hash: httpd,httpd_t,var_t,file,getattr
  691.  
  692. --------------------------------------------------------------------------------
  693.  
  694. SELinux is preventing /usr/sbin/httpd from read access on the file myapp.py.
  695.  
  696. ***** Plugin catchall_labels (83.8 confidence) suggests *******************
  697.  
  698. If you want to allow httpd to have read access on the myapp.py file
  699. Then you need to change the label on myapp.py
  700. Do
  701. # semanage fcontext -a -t FILE_TYPE 'myapp.py'
  702. where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_exec_t, abrt_handle_event_exec_t, abrt_helper_exec_t, abrt_retrace_coredump_exec_t, abrt_retrace_spool_t, abrt_retrace_worker_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_run_t, accountsd_exec_t, acct_exec_t, admin_crontab_tmp_t, admin_passwd_exec_t, afs_cache_t, aide_exec_t, alsa_exec_t, alsa_tmp_t, amanda_exec_t, amanda_recover_exec_t, amanda_tmp_t, amtu_exec_t, anacron_exec_t, anon_inodefs_t, antivirus_exec_t, antivirus_tmp_t, apcupsd_cgi_content_t, apcupsd_cgi_htaccess_t, apcupsd_cgi_ra_content_t, apcupsd_cgi_rw_content_t, apcupsd_cgi_script_exec_t, apcupsd_tmp_t, apm_exec_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_tmp_t, audisp_exec_t, auditadm_sudo_tmp_t, auditctl_exec_t, authconfig_exec_t, automount_tmp_t, avahi_exec_t, awstats_content_t, awstats_htaccess_t, awstats_ra_content_t, awstats_rw_content_t, awstats_script_exec_t, awstats_tmp_t, bacula_admin_exec_t, bacula_tmp_t, bacula_unconfined_script_exec_t, bin_t, bitlbee_tmp_t, blueman_exec_t, bluetooth_helper_exec_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_tmp_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_exec_t, bootloader_tmp_t, brctl_exec_t, bugzilla_content_t, bugzilla_htaccess_t, bugzilla_ra_content_t, bugzilla_rw_content_t, bugzilla_script_exec_t, bugzilla_tmp_t, calamaris_exec_t, calamaris_www_t, cardctl_exec_t, cardmgr_dev_t, ccs_tmp_t, cdcc_exec_t, cdcc_tmp_t, cdrecord_exec_t, cert_t, certmonger_unconfined_exec_t, certwatch_exec_t, checkpc_exec_t, checkpolicy_exec_t, chfn_exec_t, chkpwd_exec_t, chrome_sandbox_exec_t, chrome_sandbox_nacl_exec_t, chrome_sandbox_tmp_t, chronyc_exec_t, cinder_api_tmp_t, cinder_backup_tmp_t, cinder_scheduler_tmp_t, cinder_volume_tmp_t, cloud_init_tmp_t, cluster_conf_t, cluster_tmp_t, cluster_var_lib_t, cluster_var_run_t, cobbler_etc_t, cobbler_tmp_t, cobbler_var_lib_t, cockpit_tmp_t, collectd_content_t, collectd_htaccess_t, collectd_ra_content_t, collectd_rw_content_t, collectd_script_exec_t, collectd_script_tmp_t, colord_exec_t, colord_tmp_t, comsat_tmp_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, conman_tmp_t, conman_unconfined_script_exec_t, consolehelper_exec_t, consolekit_exec_t, container_runtime_tmp_t, couchdb_tmp_t, courier_exec_t, cpu_online_t, cpucontrol_exec_t, cpufreqselector_exec_t, cpuspeed_exec_t, crack_exec_t, crack_tmp_t, crond_tmp_t, crontab_exec_t, crontab_tmp_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_config_exec_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_content_t, cvs_data_t, cvs_exec_t, cvs_htaccess_t, cvs_ra_content_t, cvs_rw_content_t, cvs_script_exec_t, cvs_tmp_t, cyphesis_exec_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dbusd_etc_t, dbusd_exec_t, dcc_client_exec_t, dcc_client_tmp_t, dcc_dbclean_exec_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_tmp_t, debuginfo_exec_t, deltacloudd_tmp_t, depmod_exec_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, devicekit_tmp_t, dhcpc_exec_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_config_t, dirsrv_share_t, dirsrv_tmp_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_content_t, dirsrvadmin_htaccess_t, dirsrvadmin_ra_content_t, dirsrvadmin_rw_content_t, dirsrvadmin_script_exec_t, dirsrvadmin_tmp_t, dirsrvadmin_unconfined_script_exec_t, disk_munin_plugin_exec_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, dmesg_exec_t, dmidecode_exec_t, dnssec_trigger_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, drbd_tmp_t, dspam_content_t, dspam_htaccess_t, dspam_ra_content_t, dspam_rw_content_t, dspam_script_exec_t, etc_runtime_t, etc_t, exim_exec_t, exim_tmp_t, fail2ban_client_exec_t, fail2ban_tmp_t, fail2ban_var_lib_t, fenced_tmp_t, fetchmail_exec_t, file_context_t, firewalld_exec_t, firewalld_tmp_t, firewallgui_exec_t, firewallgui_tmp_t, firstboot_exec_t, fonts_cache_t, fonts_t, fprintd_exec_t, freqset_exec_t, fsadm_exec_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_exec_t, ftpdctl_tmp_t, games_exec_t, games_tmp_t, games_tmpfs_t, ganesha_tmp_t, gconf_tmp_t, gconfd_exec_t, gconfdefaultsm_exec_t, geoclue_exec_t, geoclue_tmp_t, getty_exec_t, getty_tmp_t, git_content_t, git_htaccess_t, git_ra_content_t, git_rw_content_t, git_script_exec_t, git_script_tmp_t, git_sys_content_t, gitd_exec_t, gitosis_exec_t, gitosis_var_lib_t, gkeyringd_exec_t, gkeyringd_tmp_t, glance_registry_tmp_t, glance_tmp_t, glusterd_tmp_t, gnomesystemmm_exec_t, gpg_agent_exec_t, gpg_agent_tmp_t, gpg_exec_t, gpg_helper_exec_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_tmp_t, gpsd_exec_t, groupadd_exec_t, gssd_tmp_t, hostname_etc_t, hostname_exec_t, hsqldb_tmp_t, httpd_cache_t, httpd_config_t, httpd_exec_t, httpd_helper_exec_t, httpd_keytab_t, httpd_lock_t, httpd_log_t, httpd_modules_t, httpd_passwd_exec_t, httpd_php_exec_t, httpd_php_tmp_t, httpd_rotatelogs_exec_t, httpd_squirrelmail_t, httpd_suexec_exec_t, httpd_suexec_tmp_t, httpd_sys_content_t, httpd_sys_htaccess_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, httpd_sys_script_exec_t, httpd_tmp_t, httpd_tmpfs_t, httpd_unconfined_script_exec_t, httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t, httpd_var_lib_t, httpd_var_run_t, hugetlbfs_t, hwclock_exec_t, hwloc_dhwd_exec_t, iceauth_exec_t, icecast_exec_t, ifconfig_exec_t, inetd_child_tmp_t, inetd_tmp_t, init_tmp_t, initrc_tmp_t, insmod_exec_t, install_exec_t, iotop_exec_t, ipa_cert_t, ipa_helper_exec_t, ipa_tmp_t, ipa_var_lib_t, ipa_var_run_t, ipsec_mgmt_exec_t, ipsec_tmp_t, iptables_exec_t, iptables_tmp_t, irc_exec_t, irssi_exec_t, iscsi_tmp_t, iso9660_t, jetty_cache_t, jetty_log_t, jetty_var_lib_t, jetty_var_run_t, jockey_exec_t, journalctl_exec_t, kadmind_tmp_t, kdump_exec_t, kdumpctl_tmp_t, kdumpgui_exec_t, kdumpgui_tmp_t, keepalived_unconfined_script_exec_t, keystone_cgi_content_t, keystone_cgi_htaccess_t, keystone_cgi_ra_content_t, keystone_cgi_rw_content_t, keystone_cgi_script_exec_t, keystone_tmp_t, kismet_exec_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, krb5_conf_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_conf_t, krb5kdc_tmp_t, ktalkd_tmp_t, l2tpd_tmp_t, ld_so_cache_t, ld_so_t, ldconfig_exec_t, ldconfig_tmp_t, lib_t, livecd_exec_t, livecd_tmp_t, load_policy_exec_t, loadkeys_exec_t, locale_t, locate_exec_t, lockdev_exec_t, login_exec_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_exec_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_exec_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_exec_t, lsmd_plugin_tmp_t, lvm_exec_t, lvm_tmp_t, machineid_t, mail_munin_plugin_exec_t, mail_munin_plugin_tmp_t, mailman_archive_t, mailman_cgi_exec_t, mailman_cgi_tmp_t, mailman_data_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man2html_content_t, man2html_htaccess_t, man2html_ra_content_t, man2html_rw_content_t, man2html_script_exec_t, man_cache_t, man_t, mandb_cache_t, mcelog_exec_t, mdadm_tmp_t, mediawiki_content_t, mediawiki_htaccess_t, mediawiki_ra_content_t, mediawiki_rw_content_t, mediawiki_script_exec_t, mediawiki_tmp_t, mencoder_exec_t, mirrormanager_exec_t, mirrormanager_log_t, mirrormanager_var_lib_t, mirrormanager_var_run_t, mock_build_exec_t, mock_exec_t, mock_tmp_t, modemmanager_exec_t, mojomojo_content_t, mojomojo_htaccess_t, mojomojo_ra_content_t, mojomojo_rw_content_t, mojomojo_script_exec_t, mojomojo_tmp_t, mongod_tmp_t, mount_ecryptfs_exec_t, mount_exec_t, mount_tmp_t, mozilla_exec_t, mozilla_plugin_config_exec_t, mozilla_plugin_exec_t, mozilla_plugin_tmp_t, mozilla_plugin_tmpfs_t, mozilla_tmp_t, mozilla_tmpfs_t, mpd_exec_t, mpd_tmp_t, mplayer_exec_t, mplayer_tmpfs_t, mrtg_exec_t, mscan_tmp_t, munin_content_t, munin_etc_t, munin_htaccess_t, munin_ra_content_t, munin_rw_content_t, munin_script_exec_t, munin_script_tmp_t, munin_tmp_t, mysqld_etc_t, mysqld_tmp_t, mythtv_content_t, mythtv_htaccess_t, mythtv_ra_content_t, mythtv_rw_content_t, mythtv_script_exec_t, nagios_admin_plugin_exec_t, nagios_checkdisk_plugin_exec_t, nagios_content_t, nagios_etc_t, nagios_eventhandler_plugin_exec_t, nagios_eventhandler_plugin_tmp_t, nagios_htaccess_t, nagios_log_t, nagios_mail_plugin_exec_t, nagios_openshift_plugin_exec_t, nagios_openshift_plugin_tmp_t, nagios_ra_content_t, nagios_rw_content_t, nagios_script_exec_t, nagios_services_plugin_exec_t, nagios_system_plugin_exec_t, nagios_system_plugin_tmp_t, nagios_tmp_t, nagios_unconfined_plugin_exec_t, nagios_var_lib_t, named_checkconf_exec_t, named_exec_t, named_tmp_t, namespace_init_exec_t, ncftool_exec_t, ndc_exec_t, net_conf_t, netlabel_mgmt_exec_t, netutils_exec_t, netutils_tmp_t, neutron_tmp_t, newrole_exec_t, nova_tmp_t, nsd_tmp_t, ntop_tmp_t, ntpd_tmp_t, ntpdate_exec_t, nut_upsd_tmp_t, nut_upsdrvctl_tmp_t, nut_upsmon_tmp_t, nutups_cgi_content_t, nutups_cgi_htaccess_t, nutups_cgi_ra_content_t, nutups_cgi_rw_content_t, nutups_cgi_script_exec_t, nx_server_tmp_t, obex_exec_t, oddjob_mkhomedir_exec_t, opendnssec_tmp_t, openshift_cgroup_read_exec_t, openshift_cgroup_read_tmp_t, openshift_content_t, openshift_cron_tmp_t, openshift_htaccess_t, openshift_initrc_tmp_t, openshift_net_read_exec_t, openshift_ra_content_t, openshift_rw_content_t, openshift_script_exec_t, openshift_tmp_t, openvpn_tmp_t, openvswitch_tmp_t, openwsman_tmp_t, oracleasm_tmp_t, pads_exec_t, pam_console_exec_t, pam_timestamp_tmp_t, passenger_exec_t, passenger_tmp_t, passenger_var_lib_t, passenger_var_run_t, passwd_exec_t, passwd_file_t, pcp_tmp_t, pcscd_var_run_t, pegasus_openlmi_storage_tmp_t, pegasus_tmp_t, pinentry_exec_t, ping_exec_t, piranha_web_tmp_t, pkcs_slotd_tmp_t, pki_ra_etc_rw_t, pki_ra_log_t, pki_ra_var_lib_t, pki_ra_var_run_t, pki_tomcat_cert_t, pki_tomcat_tmp_t, pki_tps_etc_rw_t, pki_tps_log_t, pki_tps_var_lib_t, pki_tps_var_run_t, plymouth_exec_t, podsleuth_exec_t, podsleuth_tmp_t, podsleuth_tmpfs_t, policykit_auth_exec_t, policykit_exec_t, policykit_grant_exec_t, policykit_resolve_exec_t, policykit_tmp_t, polipo_exec_t, portmap_helper_exec_t, portmap_tmp_t, postfix_bounce_tmp_t, postfix_cleanup_tmp_t, postfix_exec_t, postfix_local_tmp_t, postfix_map_exec_t, postfix_map_tmp_t, postfix_pickup_tmp_t, postfix_pipe_tmp_t, postfix_postdrop_exec_t, postfix_postdrop_t, postfix_postqueue_exec_t, postfix_qmgr_tmp_t, postfix_showq_exec_t, postfix_smtp_tmp_t, postfix_smtpd_tmp_t, postfix_virtual_tmp_t, postgresql_tmp_t, pppd_exec_t, pppd_tmp_t, prelink_exec_t, prelink_tmp_t, prelude_lml_tmp_t, preupgrade_data_t, preupgrade_exec_t, prewikka_content_t, prewikka_htaccess_t, prewikka_ra_content_t, prewikka_rw_content_t, prewikka_script_exec_t, proc_t, procmail_exec_t, procmail_tmp_t, prosody_tmp_t, psad_tmp_t, ptchown_exec_t, public_content_rw_t, public_content_t, pulseaudio_exec_t, pulseaudio_tmpfs_t, puppet_tmp_t, puppet_var_lib_t, puppetca_exec_t, puppetmaster_tmp_t, pwauth_exec_t, qemu_exec_t, qmail_tcp_env_exec_t, qpidd_tmp_t, quota_exec_t, racoon_tmp_t, readahead_exec_t, realmd_exec_t, realmd_tmp_t, realmd_var_lib_t, rhev_agentd_tmp_t, rhsmcertd_exec_t, rhsmcertd_tmp_t, ricci_tmp_t, rlogind_tmp_t, rpcbind_tmp_t, rpm_exec_t, rpm_script_tmp_t, rpm_tmp_t, rssh_chroot_helper_exec_t, rssh_exec_t, rsync_exec_t, rsync_tmp_t, rtas_errd_tmp_t, rtkit_daemon_exec_t, run_init_exec_t, samba_etc_t, samba_net_exec_t, samba_net_tmp_t, samba_var_t, sambagui_exec_t, sbd_tmpfs_t, sblim_tmp_t, screen_exec_t, secadm_sudo_tmp_t, sectool_tmp_t, sectoolm_exec_t, security_t, selinux_munin_plugin_exec_t, selinux_munin_plugin_tmp_t, semanage_exec_t, semanage_tmp_t, sendmail_exec_t, sendmail_tmp_t, services_munin_plugin_exec_t, services_munin_plugin_tmp_t, session_dbusd_tmp_t, setfiles_exec_t, setkey_exec_t, setroubleshoot_fixit_exec_t, setroubleshootd_exec_t, setsebool_exec_t, seunshare_exec_t, sge_job_exec_t, sge_shepherd_exec_t, sge_tmp_t, shell_exec_t, shorewall_tmp_t, showmount_exec_t, slapd_cert_t, slapd_tmp_t, smbcontrol_exec_t, smbd_tmp_t, smokeping_cgi_content_t, smokeping_cgi_htaccess_t, smokeping_cgi_ra_content_t, smokeping_cgi_rw_content_t, smokeping_cgi_script_exec_t, smokeping_var_lib_t, smokeping_var_run_t, smoltclient_exec_t, smoltclient_tmp_t, smsd_tmp_t, snapperd_exec_t, snort_tmp_t, sosreport_exec_t, sosreport_tmp_t, soundd_tmp_t, spamc_exec_t, spamc_tmp_t, spamd_tmp_t, spamd_update_exec_t, speech-dispatcher_exec_t, speech-dispatcher_tmp_t, squid_content_t, squid_cron_exec_t, squid_htaccess_t, squid_ra_content_t, squid_rw_content_t, squid_script_exec_t, squid_tmp_t, squirrelmail_spool_t, src_t, ssh_agent_exec_t, ssh_agent_tmp_t, ssh_exec_t, ssh_keygen_exec_t, ssh_keygen_tmp_t, ssh_keysign_exec_t, ssh_tmpfs_t, sssd_public_t, sssd_selinux_manager_exec_t, sssd_var_lib_t, staff_sudo_tmp_t, stapserver_tmp_t, stunnel_tmp_t, su_exec_t, sudo_exec_t, sulogin_exec_t, svc_multilog_exec_t, svc_run_exec_t, svc_start_exec_t, svirt_tmp_t, svnserve_tmp_t, swat_tmp_t, swift_tmp_t, sysadm_passwd_tmp_t, sysadm_sudo_tmp_t, sysfs_t, syslogd_tmp_t, sysstat_exec_t, system_conf_t, system_cronjob_tmp_t, system_db_t, system_dbusd_tmp_t, system_dbusd_var_lib_t, system_mail_tmp_t, system_munin_plugin_exec_t, system_munin_plugin_tmp_t, systemd_passwd_var_run_t, targetd_tmp_t, tcpd_tmp_t, telepathy_gabble_exec_t, telepathy_gabble_tmp_t, telepathy_idle_exec_t, telepathy_idle_tmp_t, telepathy_logger_exec_t, telepathy_logger_tmp_t, telepathy_mission_control_exec_t, telepathy_mission_control_tmp_t, telepathy_msn_exec_t, telepathy_msn_tmp_t, telepathy_salut_exec_t, telepathy_salut_tmp_t, telepathy_sofiasip_exec_t, telepathy_sofiasip_tmp_t, telepathy_stream_engine_exec_t, telepathy_stream_engine_tmp_t, telepathy_sunshine_exec_t, telepathy_sunshine_tmp_t, telnetd_tmp_t, tetex_data_t, textrel_shlib_t, tgtd_tmp_t, thumb_exec_t, thumb_tmp_t, tmp_t, tmpreaper_exec_t, tomcat_tmp_t, traceroute_exec_t, tuned_tmp_t, tvtime_exec_t, tvtime_tmp_t, tvtime_tmpfs_t, udev_tmp_t, udev_var_run_t, uml_exec_t, uml_tmp_t, uml_tmpfs_t, unconfined_exec_t, unconfined_munin_plugin_exec_t, unconfined_munin_plugin_tmp_t, update_modules_exec_t, update_modules_tmp_t, updfstab_exec_t, usbmodules_exec_t, usbmuxd_exec_t, user_cron_spool_t, user_fonts_t, user_mail_tmp_t, user_tmp_t, useradd_exec_t, userhelper_exec_t, usernetctl_exec_t, usr_t, utempter_exec_t, uucpd_tmp_t, uux_exec_t, var_lib_t, var_spool_t, varnishd_tmp_t, virsh_exec_t, virt_qemu_ga_tmp_t, virt_qemu_ga_unconfined_exec_t, virt_tmp_t, virtd_lxc_exec_t, vlock_exec_t, vmtools_helper_exec_t, vmtools_tmp_t, vmware_exec_t, vmware_host_tmp_t, vmware_tmp_t, vmware_tmpfs_t, vnstat_exec_t, vpnc_exec_t, vpnc_tmp_t, w3c_validator_content_t, w3c_validator_htaccess_t, w3c_validator_ra_content_t, w3c_validator_rw_content_t, w3c_validator_script_exec_t, w3c_validator_tmp_t, watchdog_unconfined_exec_t, webadm_tmp_t, webalizer_content_t, webalizer_exec_t, webalizer_htaccess_t, webalizer_ra_content_t, webalizer_rw_content_t, webalizer_script_exec_t, webalizer_tmp_t, wine_exec_t, wireshark_exec_t, wireshark_tmp_t, wireshark_tmpfs_t, wpa_cli_exec_t, xauth_exec_t, xauth_tmp_t, xdm_exec_t, xdm_unconfined_exec_t, xend_tmp_t, xenstored_tmp_t, xserver_exec_t, xserver_tmpfs_t, ypbind_tmp_t, ypserv_tmp_t, zabbix_script_exec_t, zabbix_tmp_t, zarafa_deliver_tmp_t, zarafa_indexer_tmp_t, zarafa_server_tmp_t, zarafa_var_lib_t, zebra_tmp_t, zoneminder_content_t, zoneminder_exec_t, zoneminder_htaccess_t, zoneminder_ra_content_t, zoneminder_rw_content_t, zoneminder_script_exec_t, zoneminder_var_lib_t, zos_remote_exec_t.
  703. Then execute:
  704. restorecon -v 'myapp.py'
  705.  
  706.  
  707. ***** Plugin catchall (17.1 confidence) suggests **************************
  708.  
  709. If you believe that httpd should be allowed read access on the myapp.py file by default.
  710. Then you should report this as a bug.
  711. You can generate a local policy module to allow this access.
  712. Do
  713. allow this access for now by executing:
  714. # ausearch -c 'httpd' --raw | audit2allow -M my-httpd
  715. # semodule -i my-httpd.pp
  716.  
  717.  
  718. Additional Information:
  719. Source Context system_u:system_r:httpd_t:s0
  720. Target Context unconfined_u:object_r:var_t:s0
  721. Target Objects myapp.py [ file ]
  722. Source httpd
  723. Source Path /usr/sbin/httpd
  724. Port <Unknown>
  725. Host <Unknown>
  726. Source RPM Packages httpd-2.4.6-80.el7.centos.1.x86_64
  727. Target RPM Packages
  728. Policy RPM selinux-policy-3.13.1-192.el7_5.6.noarch
  729. Selinux Enabled True
  730. Policy Type targeted
  731. Enforcing Mode Permissive
  732. Host Name vm1
  733. Platform Linux vm1 3.10.0-862.11.6.el7.x86_64 #1 SMP Tue
  734. Aug 14 21:49:04 UTC 2018 x86_64 x86_64
  735. Alert Count 1
  736. First Seen 2018-09-10 08:09:45 UTC
  737. Last Seen 2018-09-10 08:09:45 UTC
  738. Local ID 4d40a98d-d33f-4a00-9ea8-661294094685
  739.  
  740. Raw Audit Messages
  741. type=AVC msg=audit(1536566985.961:292): avc: denied { read } for pid=1524 comm="httpd" name="myapp.py" dev="sda1" ino=25292922 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
  742.  
  743.  
  744. type=AVC msg=audit(1536566985.961:292): avc: denied { open } for pid=1524 comm="httpd" path="/srv/myapp/myapp.py" dev="sda1" ino=25292922 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file
  745.  
  746.  
  747. type=SYSCALL msg=audit(1536566985.961:292): arch=x86_64 syscall=open success=yes exit=ECHILD a0=557e0ed7ffc0 a1=80000 a2=1b6 a3=1 items=0 ppid=1521 pid=1524 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=httpd exe=/usr/sbin/httpd subj=system_u:system_r:httpd_t:s0 key=(null)
  748.  
  749. Hash: httpd,httpd_t,var_t,file,read
  750.  
  751. [root@vm1 conf.d]# cd /srv/myapp/
  752. [root@vm1 myapp]# ll
  753. total 4
  754. -rwxr-x---. 1 apache apache 278 Sep 10 08:02 myapp.py
  755. [root@vm1 myapp]# ls -lZ
  756. -rwxr-x---. apache apache unconfined_u:object_r:var_t:s0 myapp.py
  757. [root@vm1 myapp]# yum install policycoreutils-{python,devel}
  758. Loaded plugins: fastestmirror
  759. Loading mirror speeds from cached hostfile
  760. * base: mirror.steadfastnet.com
  761. * epel: mirror.steadfastnet.com
  762. * extras: ftpmirror.your.org
  763. * updates: mirrors.liquidweb.com
  764. Package policycoreutils-python-2.5-22.el7.x86_64 already installed and latest version
  765. Resolving Dependencies
  766. --> Running transaction check
  767. ---> Package policycoreutils-devel.x86_64 0:2.5-22.el7 will be installed
  768. --> Processing Dependency: selinux-policy-devel for package: policycoreutils-devel-2.5-22.el7.x86_64
  769. --> Running transaction check
  770. ---> Package selinux-policy-devel.noarch 0:3.13.1-192.el7_5.6 will be installed
  771. --> Processing Dependency: m4 for package: selinux-policy-devel-3.13.1-192.el7_5.6.noarch
  772. --> Running transaction check
  773. ---> Package m4.x86_64 0:1.4.16-10.el7 will be installed
  774. --> Finished Dependency Resolution
  775.  
  776. Dependencies Resolved
  777.  
  778. =============================================================================================================================================================
  779. Package Arch Version Repository Size
  780. =============================================================================================================================================================
  781. Installing:
  782. policycoreutils-devel x86_64 2.5-22.el7 base 333 k
  783. Installing for dependencies:
  784. m4 x86_64 1.4.16-10.el7 base 256 k
  785. selinux-policy-devel noarch 3.13.1-192.el7_5.6 updates 1.7 M
  786.  
  787. Transaction Summary
  788. =============================================================================================================================================================
  789. Install 1 Package (+2 Dependent packages)
  790.  
  791. Total download size: 2.2 M
  792. Installed size: 24 M
  793. Is this ok [y/d/N]: y
  794. Downloading packages:
  795. (1/3): policycoreutils-devel-2.5-22.el7.x86_64.rpm | 333 kB 00:00:00
  796. (2/3): m4-1.4.16-10.el7.x86_64.rpm | 256 kB 00:00:00
  797. (3/3): selinux-policy-devel-3.13.1-192.el7_5.6.noarch.rpm | 1.7 MB 00:00:00
  798. -------------------------------------------------------------------------------------------------------------------------------------------------------------
  799. Total 4.7 MB/s | 2.2 MB 00:00:00
  800. Running transaction check
  801. Running transaction test
  802. Transaction test succeeded
  803. Running transaction
  804. Installing : m4-1.4.16-10.el7.x86_64 1/3
  805. Installing : policycoreutils-devel-2.5-22.el7.x86_64 2/3
  806. Installing : selinux-policy-devel-3.13.1-192.el7_5.6.noarch 3/3
  807. Verifying : m4-1.4.16-10.el7.x86_64 1/3
  808. Verifying : policycoreutils-devel-2.5-22.el7.x86_64 2/3
  809. Verifying : selinux-policy-devel-3.13.1-192.el7_5.6.noarch 3/3
  810.  
  811. Installed:
  812. policycoreutils-devel.x86_64 0:2.5-22.el7
  813.  
  814. Dependency Installed:
  815. m4.x86_64 0:1.4.16-10.el7 selinux-policy-devel.noarch 0:3.13.1-192.el7_5.6
  816.  
  817. Complete!
  818. [root@vm1 myapp]# yum install bash-completion
  819. Loaded plugins: fastestmirror
  820. Loading mirror speeds from cached hostfile
  821. * base: mirror.steadfastnet.com
  822. * epel: mirror.steadfastnet.com
  823. * extras: ftpmirror.your.org
  824. * updates: mirrors.liquidweb.com
  825. Resolving Dependencies
  826. --> Running transaction check
  827. ---> Package bash-completion.noarch 1:2.1-6.el7 will be installed
  828. --> Finished Dependency Resolution
  829.  
  830. Dependencies Resolved
  831.  
  832. =============================================================================================================================================================
  833. Package Arch Version Repository Size
  834. =============================================================================================================================================================
  835. Installing:
  836. bash-completion noarch 1:2.1-6.el7 base 85 k
  837.  
  838. Transaction Summary
  839. =============================================================================================================================================================
  840. Install 1 Package
  841.  
  842. Total download size: 85 k
  843. Installed size: 259 k
  844. Is this ok [y/d/N]: y
  845. Downloading packages:
  846. bash-completion-2.1-6.el7.noarch.rpm | 85 kB 00:00:00
  847. Running transaction check
  848. Running transaction test
  849. Transaction test succeeded
  850. Running transaction
  851. Installing : 1:bash-completion-2.1-6.el7.noarch 1/1
  852. Verifying : 1:bash-completion-2.1-6.el7.noarch 1/1
  853.  
  854. Installed:
  855. bash-completion.noarch 1:2.1-6.el7
  856.  
  857. Complete!
  858. [root@vm1 myapp]# semanage fcontext -a -t httpd_sys_content_t "/srv/myapp(/.*)?"
  859. [root@vm1 myapp]# restorecon -RFvv /srv
  860. restorecon reset /srv/myapp context system_u:object_r:var_t:s0->system_u:object_r:httpd_sys_content_t:s0
  861. restorecon reset /srv/myapp/myapp.py context system_u:object_r:var_t:s0->system_u:object_r:httpd_sys_content_t:s0
  862. [root@vm1 myapp]# setenforce 0
  863. [root@vm1 myapp]# curl http://vm1.c.sixth-wave-179410.internal/myapp/
  864. Hello World![root@vm1 myapp]# cd /etc/httpd/conf.d/
  865. [root@vm1 conf.d]# vim virtual1.conf
  866. [root@vm1 conf.d]# systemctl restart httpd
  867. [root@vm1 conf.d]# curl http://vm1.c.sixth-wave-179410.internal/
  868. Hello World![root@vm1 conf.d]#
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!