[jira] [Created] (AIRAVATA-3291) Wagtail: large image uploads fail with SELinux relabelfrom error

Tue, 28 Jan 2020 07:35:55 -0800 

Marcus Christie created AIRAVATA-3291:
-----------------------------------------

             Summary: Wagtail: large image uploads fail with SELinux 
relabelfrom error
                 Key: AIRAVATA-3291
                 URL: https://issues.apache.org/jira/browse/AIRAVATA-3291
             Project: Airavata
          Issue Type: Bug
          Components: Django Portal
            Reporter: Marcus Christie
            Assignee: Marcus Christie



{noformat}
Jan 28 10:12:27 gridfarm004 setroubleshoot: SELinux is preventing httpd from 
relabelfrom access on the file QuSP_Home_Converted.png. For complete SELinux 
messages run: sealert -l 7097f275-0c78-47c7-bc55-be30bca3f3a8
Jan 28 10:12:27 gridfarm004 python: SELinux is preventing httpd from 
relabelfrom access on the file QuSP_Home_Converted.png.#012#012*****  Plugin 
catchall (100. confidence) suggests   **************************#012#012If you 
believe that httpd should be allowed relabelfrom access on the 
QuSP_Home_Converted.png file by default.#012Then you should report this as a 
bug.#012You can generate a local policy module to allow this 
access.#012Do#012allow this access for now by executing:#012# ausearch -c 
'httpd' --raw | audit2allow -M my-httpd#012# semodule -i my-httpd.pp#012
{noformat}

{noformat}
[root@gridfarm004 ~]# sealert -l 7097f275-0c78-47c7-bc55-be30bca3f3a8
SELinux is preventing httpd from relabelfrom access on the file 
QuSP_Home_Converted.png.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that httpd should be allowed relabelfrom access on the 
QuSP_Home_Converted.png file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'httpd' --raw | audit2allow -M my-httpd
# semodule -i my-httpd.pp


Additional Information:
Source Context                system_u:system_r:httpd_t:s0
Target Context                system_u:object_r:httpd_sys_rw_content_t:s0
Target Objects                QuSP_Home_Converted.png [ file ]
Source                        httpd
Source Path                   httpd
Port                          <Unknown>
Host                          gridfarm004.ucs.indiana.edu
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-252.el7_7.6.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     gridfarm004.ucs.indiana.edu
Platform                      Linux gridfarm004.ucs.indiana.edu
                              3.10.0-957.10.1.el7.x86_64 #1 SMP Mon Mar 18
                              15:06:45 UTC 2019 x86_64 x86_64
Alert Count                   28
First Seen                    2019-12-07 12:53:56 EST
Last Seen                     2020-01-28 10:12:22 EST
Local ID                      7097f275-0c78-47c7-bc55-be30bca3f3a8

Raw Audit Messages
type=AVC msg=audit(1580224342.756:7108484): avc:  denied  { relabelfrom } for  
pid=9646 comm="httpd" name="QuSP_Home_Converted.png" dev="dm-1" ino=71079407 
scontext=system_u:system_r:httpd_t:s0 
tcontext=system_u:object_r:httpd_sys_rw_content_t:s0 tclass=file permissive=0


Hash: httpd,httpd_t,httpd_sys_rw_content_t,file,relabelfrom
{noformat}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to