[
https://issues.apache.org/jira/browse/AIRAVATA-3291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17025326#comment-17025326
]
ASF subversion and git services commented on AIRAVATA-3291:
-----------------------------------------------------------
Commit 77b4f242e5f06845d1ae2a0182dc872759142fb8 in airavata's branch
refs/heads/develop from Marcus Christie
[ https://gitbox.apache.org/repos/asf?p=airavata.git;h=77b4f24 ]
AIRAVATA-3291 Ansible: SELinux relabelfrom/to for django uploads
> Wagtail: large image uploads fail with SELinux relabelfrom error
> ----------------------------------------------------------------
>
> Key: AIRAVATA-3291
> URL: https://issues.apache.org/jira/browse/AIRAVATA-3291
> Project: Airavata
> Issue Type: Bug
> Components: Django Portal
> Reporter: Marcus Christie
> Assignee: Marcus Christie
> Priority: Major
>
> {noformat}
> Jan 28 10:12:27 gridfarm004 setroubleshoot: SELinux is preventing httpd from
> relabelfrom access on the file QuSP_Home_Converted.png. For complete SELinux
> messages run: sealert -l 7097f275-0c78-47c7-bc55-be30bca3f3a8
> Jan 28 10:12:27 gridfarm004 python: SELinux is preventing httpd from
> relabelfrom access on the file QuSP_Home_Converted.png.#012#012***** Plugin
> catchall (100. confidence) suggests **************************#012#012If
> you believe that httpd should be allowed relabelfrom access on the
> QuSP_Home_Converted.png file by default.#012Then you should report this as a
> bug.#012You can generate a local policy module to allow this
> access.#012Do#012allow this access for now by executing:#012# ausearch -c
> 'httpd' --raw | audit2allow -M my-httpd#012# semodule -i my-httpd.pp#012
> {noformat}
> {noformat}
> [root@gridfarm004 ~]# sealert -l 7097f275-0c78-47c7-bc55-be30bca3f3a8
> SELinux is preventing httpd from relabelfrom access on the file
> QuSP_Home_Converted.png.
> ***** Plugin catchall (100. confidence) suggests **************************
> If you believe that httpd should be allowed relabelfrom access on the
> QuSP_Home_Converted.png file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # ausearch -c 'httpd' --raw | audit2allow -M my-httpd
> # semodule -i my-httpd.pp
> Additional Information:
> Source Context system_u:system_r:httpd_t:s0
> Target Context system_u:object_r:httpd_sys_rw_content_t:s0
> Target Objects QuSP_Home_Converted.png [ file ]
> Source httpd
> Source Path httpd
> Port <Unknown>
> Host gridfarm004.ucs.indiana.edu
> Source RPM Packages
> Target RPM Packages
> Policy RPM selinux-policy-3.13.1-252.el7_7.6.noarch
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Host Name gridfarm004.ucs.indiana.edu
> Platform Linux gridfarm004.ucs.indiana.edu
> 3.10.0-957.10.1.el7.x86_64 #1 SMP Mon Mar 18
> 15:06:45 UTC 2019 x86_64 x86_64
> Alert Count 28
> First Seen 2019-12-07 12:53:56 EST
> Last Seen 2020-01-28 10:12:22 EST
> Local ID 7097f275-0c78-47c7-bc55-be30bca3f3a8
> Raw Audit Messages
> type=AVC msg=audit(1580224342.756:7108484): avc: denied { relabelfrom } for
> pid=9646 comm="httpd" name="QuSP_Home_Converted.png" dev="dm-1" ino=71079407
> scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0
> Hash: httpd,httpd_t,httpd_sys_rw_content_t,file,relabelfrom
> {noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
