SELinux and Webdav Issue
by lonestarken from LinuxQuestions.org on (#5RD96)
Server is running CentOS 8 with Apache 2.4.37 and webdav. Using Dreamweaver we are getting permission errors. I can't tell from the error message where it's trying to write the .davfs.tmpXXXXXXX files so I can fix the permissions. The folder where we are trying to write the file has unconfined_u:object_r:httpd_sys_content_t:s0. Any ideas where to look?
SELinux is preventing httpd from add_name access on the directory .davfs.tmp539ae1.
***** Plugin httpd_write_content (92.2 confidence) suggests ***************
If you want to allow httpd to have add_name access on the .davfs.tmp539ae1 directory
Then you need to change the label on '.davfs.tmp539ae1'
Do
# semanage fcontext -a -t httpd_sys_rw_content_t '.davfs.tmp539ae1'
# restorecon -v '.davfs.tmp539ae1'
***** Plugin catchall_boolean (7.83 confidence) suggests ******************
If you want to allow httpd to unified
Then you must tell SELinux about this by enabling the 'httpd_unified' boolean.
Do
setsebool -P httpd_unified 1
***** Plugin catchall (1.41 confidence) suggests **************************
If you believe that httpd should be allowed add_name access on the .davfs.tmp539ae1 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -X 300 -i my-httpd.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:httpd_sys_content_t:s0
Target Objects .davfs.tmp539ae1 [ dir ]
Source httpd
Source Path httpd
Port <Unknown>
Host XXXXXX
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-3.14.3-67.el8_4.2.noarch
Local Policy RPM selinux-policy-targeted-3.14.3-67.el8_4.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name XXXXXX
Platform Linux XXXXXX 4.18.0-305.19.1.el8_4.x86_64 #1 SMP
Wed Sep 15 15:39:39 UTC 2021 x86_64 x86_64
Alert Count 28
First Seen 2021-11-01 16:19:26 CDT
Last Seen 2021-11-01 17:57:59 CDT
Local ID c347e713-4593-4ec4-894e-7347babd2709
Raw Audit Messages
type=AVC msg=audit(1635807479.178:18132): avc: denied { add_name } for pid=2336447 comm="httpd" name=".davfs.tmp539ae1" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
Hash: httpd,httpd_t,httpd_sys_content_t,dir,add_name
SELinux is preventing httpd from add_name access on the directory .davfs.tmp539ae1.
***** Plugin httpd_write_content (92.2 confidence) suggests ***************
If you want to allow httpd to have add_name access on the .davfs.tmp539ae1 directory
Then you need to change the label on '.davfs.tmp539ae1'
Do
# semanage fcontext -a -t httpd_sys_rw_content_t '.davfs.tmp539ae1'
# restorecon -v '.davfs.tmp539ae1'
***** Plugin catchall_boolean (7.83 confidence) suggests ******************
If you want to allow httpd to unified
Then you must tell SELinux about this by enabling the 'httpd_unified' boolean.
Do
setsebool -P httpd_unified 1
***** Plugin catchall (1.41 confidence) suggests **************************
If you believe that httpd should be allowed add_name access on the .davfs.tmp539ae1 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -X 300 -i my-httpd.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context unconfined_u:object_r:httpd_sys_content_t:s0
Target Objects .davfs.tmp539ae1 [ dir ]
Source httpd
Source Path httpd
Port <Unknown>
Host XXXXXX
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-3.14.3-67.el8_4.2.noarch
Local Policy RPM selinux-policy-targeted-3.14.3-67.el8_4.2.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name XXXXXX
Platform Linux XXXXXX 4.18.0-305.19.1.el8_4.x86_64 #1 SMP
Wed Sep 15 15:39:39 UTC 2021 x86_64 x86_64
Alert Count 28
First Seen 2021-11-01 16:19:26 CDT
Last Seen 2021-11-01 17:57:59 CDT
Local ID c347e713-4593-4ec4-894e-7347babd2709
Raw Audit Messages
type=AVC msg=audit(1635807479.178:18132): avc: denied { add_name } for pid=2336447 comm="httpd" name=".davfs.tmp539ae1" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
Hash: httpd,httpd_t,httpd_sys_content_t,dir,add_name