httpd (WordPress) gets avc denied write (SELinux)

alexus asked:

I’m getting the following message in my /var/log/audit/audit.log:

type=AVC msg=audit(1402615093.053:68): avc:  denied  { write } for  pid=799 comm="httpd" name="php" dev="xvda1" ino=8667365 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir
type=SYSCALL msg=audit(1402615093.053:68): arch=c000003e syscall=2 success=no exit=-13 a0=7f7a5ca697a8 a1=241 a2=1b6 a3=1 items=0 ppid=662 pid=799 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

Piping it through audit2allow outputs:

#============= httpd_t ==============

#!!!! This avc can be allowed using the boolean 'httpd_unified'
allow httpd_t httpd_sys_content_t:dir write;

Per @Michael I tried, but I'm still having an issue with WordPress writing to .htaccess, wp-config.php, wp-content.

# ls -Z .htaccess wp-config.php 
-rw-rw-rw-. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 .htaccess
-rw-rw-rw-. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-config.php
# chcon -t httpd_sys_rw_content_t .htaccess wp-config.php 
# ls -Z .htaccess wp-config.php 
-rw-rw-rw-. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 .htaccess
-rw-rw-rw-. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-config.php

Any ideas?

My answer:

You have two options:

  1. You can set the type httpd_sys_rw_content_t on files you want httpd to be able to write to.

  2. You can set the httpd_unified boolean that was suggested. But this may have other side effects.

View the full question and any other answers on Server Fault.
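
An added example, not part of the original question or answer: a shell sketch that parses the AVC record quoted in the question and prints (without running) the persistent relabel commands for option 1. The path /path/to/php is a placeholder, because the audit record gives only the object's name and inode; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise an httpd AVC denial and print the relabel
# commands for option 1 (nothing here changes the system).

# Record copied from the question's audit.log excerpt.
AVC_LINE='type=AVC msg=audit(1402615093.053:68): avc:  denied  { write } for  pid=799 comm="httpd" name="php" dev="xvda1" ino=8667365 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir'

# avc_field LINE KEY -> value of KEY=..., surrounding quotes removed
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# avc_perms LINE -> the permission list between { and }
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'
}

# selinux_type CONTEXT -> third field of user:role:type:level
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# avc_summary LINE -> who was denied what, and on which object
avc_summary() {
    src=$(selinux_type "$(avc_field "$1" scontext)")
    tgt=$(selinux_type "$(avc_field "$1" tcontext)")
    printf '%s denied {%s} on %s "%s" (inode %s, type %s)\n' \
        "$src" "$(avc_perms "$1")" "$(avc_field "$1" tclass)" \
        "$(avc_field "$1" name)" "$(avc_field "$1" ino)" "$tgt"
}

# relabel_plan LINE PATH -> commands that record the writable type in the
# local policy and apply it; a directory target also covers its contents.
relabel_plan() {
    if [ "$(avc_field "$1" tclass)" = dir ]; then
        pattern="$2(/.*)?"; flags=-Rv
    else
        pattern=$2; flags=-v
    fi
    printf "semanage fcontext -a -t httpd_sys_rw_content_t '%s'\n" "$pattern"
    printf 'restorecon %s %s\n' "$flags" "$2"
}

avc_summary "$AVC_LINE"
# /path/to/php is a placeholder; the record identifies the directory only
# by name="php" and ino=8667365.
relabel_plan "$AVC_LINE" /path/to/php
```

For this record the summary shows that the denied object is a directory named "php" with type httpd_sys_content_t. Unlike chcon, a rule added with semanage fcontext survives a later restorecon or filesystem relabel.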

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.