Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

How to configure with SELinux

Help
2008-01-04
2013-04-08
  • Summary
        SELinux is preventing the /usr/sbin/validate from using potentially
        mislabeled files <Unknown> (shadow_t).

    Detailed Description
        SELinux has denied the /usr/sbin/validate access to potentially mislabeled
        files <Unknown>.  This means that SELinux will not allow httpd to use these
        files.  Many third party apps install html files in directories that SELinux
        policy cannot predict.  These directories have to be labeled with a file
        context which httpd can access.

    Allowing Access
        If you want to change the file context of <Unknown> so that the httpd daemon
        can access it, you need to execute it using chcon -t httpd_sys_content_t
        <Unknown>.  You can look at the httpd_selinux man page for additional
        information.

    Additional Information

    Source Context                system_u:system_r:httpd_t:s0
    Target Context                system_u:object_r:shadow_t:s0
    Target Objects                None [ file ]
    Affected RPM Packages         mod_auth_shadow-2.2-3.fc7 [application]
    Policy RPM                    selinux-policy-3.0.8-72.fc8
    Selinux Enabled               True
    Policy Type                   targeted
    MLS Enabled                   True
    Enforcing Mode                Enforcing
    Plugin Name                   plugins.httpd_bad_labels
    Host Name                     localhost.localdomain
    Platform                      Linux localhost.localdomain 2.6.23.9-85.fc8 #1 SMP
                                  Fri Dec 7 15:49:59 EST 2007 i686 i686
    Alert Count                   7
    First Seen                    Thu Jan  3 23:35:49 2008
    Last Seen                     Thu Jan  3 23:56:38 2008
    Local ID                      a1df5aeb-e899-431f-9938-8318f0e8453a
    Line Numbers

    Raw Audit Messages

    avc: denied { read } for comm=validate dev=dm-3 egid=48 euid=0
    exe=/usr/sbin/validate exit=-13 fsgid=48 fsuid=0 gid=48 items=0 name=shadow
    pid=31596 scontext=system_u:system_r:httpd_t:s0 sgid=48
    subj=system_u:system_r:httpd_t:s0 suid=0 tclass=file
    tcontext=system_u:object_r:shadow_t:s0 tty=(none) uid=48