After configuring the Apache HTTP server on CentOS 7.5, the following error appeared:
Permission denied
The Apache HTTP server error log, /var/log/httpd/error_log, shows:
[Wed May 06 23:00:54 2019] [error] [client 127.0.0.1] (13) Permission denied: access to /www/t.txt denied
The SELinux audit log shows:
[root@myhost ~]# grep denied /var/log/audit/audit.log
type=AVC msg=audit(1415715270.766:31): avc: denied { getattr } for pid=1380 comm="httpd" path="/www/t.txt" dev=vda1 ino=1084 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
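From the audit log we can see that the Apache process's scontext type is httpd_t, while the requested object's tcontext type is default_t, so the Apache process is denied access to the file /www/t.txt.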
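The reading of the AVC record described above can be done mechanically. The following is an added example, not part of the original page: a small Python parser that extracts the event ID, permission, and the source and target types from an AVC record, using the record quoted on this page as inline sample data. The names parse_avc, split_context and summarize are hypothetical.

```python
import re

# The AVC record quoted on this page, embedded so the example runs offline.
SAMPLE = ('type=AVC msg=audit(1415715270.766:31): avc: denied { getattr } for '
          'pid=1380 comm="httpd" path="/www/t.txt" dev=vda1 ino=1084 '
          'scontext=unconfined_u:system_r:httpd_t:s0 '
          'tcontext=unconfined_u:object_r:default_t:s0 tclass=file')

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_context(ctx):
    """Split user:role:type:level; the level may contain colons (s0:c0.c1023)."""
    parts = ctx.split(':', 3) if ctx else []
    user, role, setype, level = (parts + [None] * 4)[:4]
    return {'user': user, 'role': role, 'type': setype, 'level': level}


def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    return {
        'event_id': f"{m.group('ts')}:{m.group('serial')}",  # usable as a grep key
        'result': m.group('result'),
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'path': fields.get('path'),
        'tclass': fields.get('tclass'),
        'source': split_context(fields.get('scontext', '')),
        'target': split_context(fields.get('tcontext', '')),
    }


def summarize(rec):
    """One-line description: which domain was refused what on which label."""
    return (f"{rec['result']}: {rec['comm']} ({rec['source']['type']}) "
            f"{'/'.join(rec['perms'])} on {rec['tclass']} {rec['path']} "
            f"({rec['target']['type']}), event {rec['event_id']}")


if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```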
Run the command grep 1415715270.766:31 /var/log/audit/audit.log | audit2why to have audit2why help us find a fix. The command suggests:
You can use audit2allow