selinux Missing type enforcement (TE) allow rule
Solution 1
It appears that you are trying to have your web server write to a user's home directory. There are no SELinux reference policies to permit this behavior. You should think carefully about whether you should be serving content from users' home directories at all.
If you really need this access, you can use the audit2allow utility to generate a local policy module that you can load in and permit the access.
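The audit2allow workflow this answer refers to, as an added example that is not part of the original answer. `avc_to_rule` derives the TE rule requested by the denial quoted in the question so it can be reviewed before anything is loaded, and `build_local_module` wraps the standard `ausearch`, `audit2allow -M` and `semodule -i` commands; both function names and the module name are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the AVC record quoted in the question on this page.
SAMPLE_AVC='type=AVC msg=audit(1365021919.400:283): avc: denied { create } for pid=2210 comm="mkdir" name="64F77DCE-9C9F-11E2-90A8-39AEF085A14A" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir'

# Read AVC records on stdin and print the TE allow rule each denial asks for.
# This is what a generated module would grant, so read it before loading.
avc_to_rule() {
    awk '/avc: +denied/ {
        # Permissions are the words between the braces after "denied".
        perms = $0
        sub(/.*denied +[{] */, "", perms)
        sub(/ *[}].*/, "", perms)
        # SELinux contexts are user:role:type[:level]; the type is field 3.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
            if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        printf "allow %s %s:%s { %s };\n", src, tgt, cls, perms
    }'
}

# Build a local module from the logged mkdir denials, show its source for
# review, and load it only after explicit confirmation. Run as root.
build_local_module() {
    mod=${1:-local_httpd_homedir}   # hypothetical module name
    # -M writes $mod.te (source) and $mod.pp (compiled policy package).
    ausearch -m AVC -c mkdir --raw | audit2allow -M "$mod" || return 1
    cat "$mod.te"                   # every allow rule widens httpd_t
    printf 'Load %s.pp? [y/N] ' "$mod"
    read -r ans
    [ "$ans" = y ] && semodule -i "$mod.pp"
    # To undo later: semodule -r "$mod"
}

# Stand-alone demonstration on the sample record (no SELinux tools needed).
printf '%s\n' "$SAMPLE_AVC" | avc_to_rule
```

The rule printed for the sample lets every `httpd_t` process create directories labelled `user_home_t`, which is the access the answer above says to think carefully about.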
Solution 2
An error occurs when a different security context has already been given to the port you want to add. If you are using Tomcat, the default HTTP port, 8080, is of type http_cache_port_t. If you are using nginx built on 8081, that port is transproxy_port_t. In both contexts the Apache web server generates an error because it cannot connect. If you need to change the security context, do not add the port again; use the -m option instead of the -a option.
~# semanage port -l |grep 8081
transproxy_port_t tcp 8081
and then
~# semanage port -l |grep http_port_t
http_port_t tcp 80, 443, 488, 8008, 8009, 8443
Add
# semanage port -m -p tcp -t http_port_t 8081
Solution 3
I'm confused: is the FTP via Apache or just plain old FTP?
If it is plain old FTP check the SELinux context of where you are trying to make a new directory. It could be set incorrectly.
If it is via Apache:
You can enable Apache to use home directories via a command like:
setsebool -P httpd_enable_homedirs on
chcon -R -t httpd_sys_content_t ~user/public_html
Reference: http://fedoraproject.org/wiki/SELinux/apache
Updated on September 18, 2022
Comments
-
usa ims almost 2 years
When I run my FTP test to test for full functionality, I'm concerned about why I am getting an AVC denial error on such a popular command as 'mkdir'.
Here is the AVC denial message:
type=AVC msg=audit(1365021919.400:283): avc: denied { create } for pid=2210 comm="mkdir" name="64F77DCE-9C9F-11E2-90A8-39AEF085A14A" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
According to Fedora's web site, Missing Type Enforcement rules are usually caused by bugs in SELinux policy. So, is this truly a bug?
-
Matthew Ife over 11 years
Writing into users' home directories as a web server really is pretty anomalous behaviour. SELinux is doing the right thing here by flagging this.
-
Andrew B over 11 years
When you have enough reputation to leave comments, please use those to request additional details. Helps to keep things nice and tidy around here.
-
Michael Hampton over 11 years
This does not allow writing to the user home directories.
-
user167729 over 11 years
It may not, but I wasn't exactly sure what was going on in the backend. Depending on his setup he may need to turn on one or more SELinux bools such as allow_httpd_anon_write or allow_httpd_sys_script_anon_write. Audit2allow will allow you to create a policy. However, I would argue that should be a last resort and not "the go to solution" for SELinux issues.
-
Elijah Lynn about 7 years
Example needed.
-
Michael Hampton about 7 years
@ElijahLynn Example of what?
-
Elijah Lynn about 7 years
Example of generating a local policy module with audit2allow and loading it.