Quote:
Originally Posted by HWDPlinux
ausearch -ts recent -m avc
----
time->Wed Dec 2 15:15:43 2015
type=SYSCALL msg=audit(1449087343.148:192469): arch=c000003e syscall=2 success=no exit=-13 a0=7fffed886830 a1=80000 a2=0 a3=7f829f4ed2c1 items=0 ppid=1 pid=32688 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1449087343.148:192469): avc: denied { read } for pid=32688 comm="httpd" name="blog_dworak-linux_com.crt" dev="xvda2" ino=17779477 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
Does tcontext mean it will work with those contexts?
Use code tags (see my signature) to make your output more readable.
This is a message from SELinux.
scontext means source context, i.e. the context of the httpd.
tcontext is target context; the context of the file or other resource the process wanted to access. In your case, it seems to be a certificate file named blog_dworak-linux_com.crt.
The usual SELinux setup only requires looking at the type part of the context, i.e. httpd_t and user_home_t. The standard SELinux rules don't allow an httpd_t process to access a user_home_t resource. To fix this, you have to change the type of the resource (chcon command) or the rules (semanage command).
There is also a setroubleshoot package (the precise name may vary) that provides suggestions in readable English, but I would search for instructions for configuring https on a system with SELinux (CentOS or RHEL, perhaps?) and check your setup.
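
Added example, not part of the original posts: a small Python parser that reads an AVC record like the one quoted above and pulls out the source and target types that the reply says to compare. The function names are made up for this illustration, and the sample line is the record from the post with its target context written out in full.

```python
import re

# Constructed sample: the AVC record from the post, with the target context
# written out in full (user:role:type:level).
SAMPLE = ('type=AVC msg=audit(1449087343.148:192469): avc:  denied  { read } '
          'for  pid=32688 comm="httpd" name="blog_dworak-linux_com.crt" '
          'dev="xvda2" ino=17779477 scontext=system_u:system_r:httpd_t:s0 '
          'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value may be quoted


def split_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain colons."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return dict(zip(("user", "role", "type", "level"), parts))


def parse_avc(line):
    """Return a dict describing one AVC record, or None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "comm": fields.get("comm"),
        "name": fields.get("name") or fields.get("path"),
        "tclass": fields.get("tclass"),
        "source": split_context(fields["scontext"]),  # the process
        "target": split_context(fields["tcontext"]),  # the resource
    }


def summarize(rec):
    """One-line reading of the denial: who, which permission, on what."""
    return (f'{rec["comm"]} ({rec["source"]["type"]}) {rec["result"]} '
            f'{",".join(rec["perms"])} on {rec["tclass"]} '
            f'{rec["name"]} ({rec["target"]["type"]})')


if __name__ == "__main__":
    print(summarize(parse_avc(SAMPLE)))
```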