0

I'm getting following message in my /var/log/audit/audit.log:

type=AVC msg=audit(1402615093.053:68): avc:  denied  { write } for  pid=799 comm="httpd" name="php" dev="xvda1" ino=8667365 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1402615093.053:68): arch=c000003e syscall=2 success=no exit=-13 a0=7f7a5ca697a8 a1=241 a2=1b6 a3=1 items=0 ppid=662 pid=799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

pipe audit2allow outputs:

#============= httpd_t ==============

#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_content_t:dir write;

per @Michael I tried, but still having issue wordpress writing to .htaccess,wp-config.php,wp-content.

# ls -Z .htaccess wp-config.php 
-rw-rw-rw-. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 .htaccess
-rw-rw-rw-. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-config.php
# chcon -t httpd_sys_rw_content_t .htaccess wp-config.php 
# ls -Z .htaccess wp-config.php 
-rw-rw-rw-. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 .htaccess
-rw-rw-rw-. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-config.php
#

Any ideas?

alexus
  • 13,112
  • 32
  • 117
  • 174

1 Answers1

0

You have two options:

  1. You can set the type httpd_sys_rw_content_t on files you want httpd to be able to write to.

  2. You can set the httpd_unified boolean that was suggested. But this may have other side effects.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • I updated my question as I cannot fit all in comment, basically I tried your suggestions (I think i did it right, please see output) but still having issues `wordpress` to write into `.htaccess` and/or `wp-config.php`(. What side effects were you referring in #2? (since #1 isn't working for me) – alexus Jun 13 '14 at 03:41
  • Setting your permissions properly would be a good start, I'd think. – Michael Hampton Jun 13 '14 at 03:45
  • permissions set according to: http://codex.wordpress.org/Changing_File_Permissions – alexus Jun 13 '14 at 03:47
  • sorry, i copied and paste wrong from wrong place, so it appeared as read instead of read/write) – alexus Jun 13 '14 at 03:49
  • Gawd, there's a lot of bad information in that wiki article. Almost all of it, in fact. – Michael Hampton Jun 13 '14 at 03:49