SELinux prevents httpd from writing files

I recently set up a website on RHEL7. SELinux is in Enforcing mode. However, no matter how I adjust the context, it always prevents httpd from writing. Here is the audit.log:

type=AVC msg=audit(1488922911.038:6188): avc: denied { write } for pid=11773 comm="httpd" name="cache" dev="xvda2" ino=42006369 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_t:s0 tclass=dir

type=SYSCALL msg=audit(1488922911.038:6188): arch=c000003e syscall=21 success=no exit=-13 a0=7f76f76142c0 a1=2 a2=0 a3=7f76e89b0ec0 items=0 ppid=740 pid=11773 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

It seems that the source and target contexts do not match. But it still does not work after making them the same.

type=AVC msg=audit(1488923356.905:6384): avc: denied { write } for pid=11709 comm="httpd" name="cache" dev="xvda2" ino=42006369 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=dir

type=SYSCALL msg=audit(1488923356.905:6384): arch=c000003e syscall=21 success=no exit=-13 a0=7f76f76122b0 a1=2 a2=0 a3=7f76e89b0ec0 items=0 ppid=740 pid=11709 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

Update

I restored the permissions using the restorecon command, but it did not work. I am using a virtual host and left everything at the defaults:

    <VirtualHost *:80>
        ServerName www.hometest.com
        DocumentRoot /var/www/web1
    </VirtualHost>

Here are the SELinux permissions of my files.

    # ls -Z /var/www/web1
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 admin
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 core
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 download
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 extensions
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 image
    -rwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 index.php
    -rwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 license.txt
    -rwxr-x---. apache root   system_u:object_r:httpd_sys_content_t:s0 list.bak
    -rwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 php.ini
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 resources
    -rwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 robots.txt
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 static_pages
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 storefront
    drwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 system
    -rwxr-x---. apache apache system_u:object_r:httpd_sys_content_t:s0 task.php

    # ls -dZ web1/system/cache/
    drwxr-x---. apache apache system_u:system_r:httpd_t:s0 web1/system/cache

Any suggestions?

I think you need to apply httpd_sys_rw_content_t to the files that are written to (the cache directory).

http://www.serverlab.ca/tutorials/linux/web-servers-linux/configuring-selinux-policies-for-apache-web-servers/

Try

    # semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/web1/system/cache(/.*)?"
    # restorecon -Rv /var/www/web1/system/cache
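
Added example, not part of the original question or answer: a small POSIX shell triage that reads denials like the two quoted in the question and classifies the label on the target object. The function names and verdict strings are hypothetical; the script only parses record text and does not query or change SELinux state.

```shell
#!/bin/sh
# Added example: triage httpd AVC denials by the label on the target object.
# Function names and verdict strings are hypothetical, not from any tool.

# The two denials quoted in the question, with audit.log spacing restored.
AVC_FIRST='type=AVC msg=audit(1488922911.038:6188): avc: denied { write } for pid=11773 comm="httpd" name="cache" dev="xvda2" ino=42006369 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_t:s0 tclass=dir'
AVC_SECOND='type=AVC msg=audit(1488923356.905:6384): avc: denied { write } for pid=11709 comm="httpd" name="cache" dev="xvda2" ino=42006369 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=dir'

# avc_field RECORD KEY: print the value of KEY=value, quotes stripped.
avc_field() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# avc_perms RECORD: print the denied permissions listed inside { ... }.
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*{ \(.*\) }.*/\1/p'
}

# avc_diagnose RECORD: classify the target label of a file-object denial.
avc_diagnose() {
    scon=$(avc_field "$1" scontext)
    tcon=$(avc_field "$1" tcontext)
    tclass=$(avc_field "$1" tclass)
    stype=$(printf '%s' "$scon" | cut -d: -f3)
    trole=$(printf '%s' "$tcon" | cut -d: -f2)
    ttype=$(printf '%s' "$tcon" | cut -d: -f3)
    case $tclass in
        file|dir|lnk_file) ;;
        *) echo "not-a-file-object:$tclass"; return 0 ;;
    esac
    if [ "$trole" != object_r ]; then
        echo "bad-role:$trole"               # files and dirs carry object_r
    elif [ "$ttype" = "$stype" ]; then
        echo "domain-type-on-$tclass:$ttype" # process domain used as a file label
    elif [ "$ttype" = httpd_sys_content_t ]; then
        echo "read-only-content:$ttype"      # writable paths need httpd_sys_rw_content_t
    else
        echo "other:$ttype"
    fi
}

# Print one summary line per denial.
for rec in "$AVC_FIRST" "$AVC_SECOND"; do
    printf '%s %s on %s "%s": %s\n' "$(avc_field "$rec" comm)" \
        "$(avc_perms "$rec")" "$(avc_field "$rec" tclass)" \
        "$(avc_field "$rec" name)" "$(avc_diagnose "$rec")"
done
```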