SELinux (access problem)
I installed Joomla 1.5.11 on FC10 with SELinux enabled. When I log in to the admin panel I get:

SELinux Summary:
SELinux prevented httpd reading and writing access to http files.

Detailed Description:
SELinux prevented httpd reading and writing access to http files. Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, this requires explicit labeling of all files. If a file is a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order to be executed. If it is read-only content, it needs to be labeled httpd_TYPE_content_t, it is writable content. it needs to be labeled httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the chcon command to change these contexts. Please refer to the man page "man httpd_selinux" or FAQ (http://fedora.redhat.com/docs/selinux-apache-fc3) "TYPE" refers to one of "sys", "user" or "staff" or potentially other script types.

Allowing Access:
Changing the "httpd_unified" boolean to true will allow this access: "setsebool -P httpd_unified=1"

Fix Command:
setsebool -P httpd_unified=1

Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:httpd_sys_content_t:s0
Target Objects ./3c788c8140c244baa4de05cad390c937.spc [ file ]
Source httpd
Source Path /usr/sbin/httpd
Port <Unknown>
Host localhost
Source RPM Packages httpd-2.2.11-2.fc10
Target RPM Packages
Policy RPM selinux-policy-3.5.13-61.fc10
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name httpd_unified
Host Name localhost
Platform Linux localhost 2.6.27.24-170.2.68.fc10.i686 #1 SMP Wed May 20 23:10:16 EDT 2009 i686 i686
Alert Count 28
First Seen Sun 07 Jun 2009 05:33:53 PM EEST
Last Seen Wed 10 Jun 2009 06:47:39 AM EEST
Local ID cfdffe5b-7123-4370-902a-f982aa3c8162
Line Numbers

Raw Audit Messages
node=localhost type=AVC msg=audit(1244605659.234:49): avc: denied { create } for pid=4462 comm="httpd" name="3c788c8140c244baa4de05cad390c937.spc" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file
node=localhost type=SYSCALL msg=audit(1244605659.234:49): arch=40000003 syscall=5 success=no exit=-13 a0=341eb78 a1=241 a2=1b6 a3=341eb78 items=0 ppid=2385 pid=4462 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)

I ran setsebool -P httpd_unified=1, as advised: it was like a poultice for a dead man. As a result, even with 777, there are effectively no write permissions. How is this cured?
_________________
"Helo, word!" - 17 errors 56 warnings
10.06.2009, 11:20
It is cured globally:
1. Check getsebool -a | grep httpd
...
httpd_enable_cgi --> off
httpd_unified --> on
httpd_builtin_scripting --> on
...
2. For all that are off, set
Code: plaintext 1. 2. 3.
Maybe it can somehow be configured directly for specific files, à la ?
_________________
"Helo, word!" - 17 errors 56 warnings
12.06.2009, 15:22
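
Added example, not part of the original posts: a Python triage of the raw AVC record quoted in the first post. It shows that the denial is a type mismatch (httpd_t creating a file under httpd_sys_content_t), which SELinux enforces regardless of mode 777, and it prints the per-directory chcon relabel the alert text describes. The function names and the directory path are assumptions made for illustration.

```python
import re

# Raw AVC record copied from the alert quoted in the first post.
AVC = ('node=localhost type=AVC msg=audit(1244605659.234:49): avc: denied { create } for '
       'pid=4462 comm="httpd" name="3c788c8140c244baa4de05cad390c937.spc" '
       'scontext=system_u:system_r:httpd_t:s0 '
       'tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file')

# Permissions that modify a file or directory (a subset chosen for this example).
WRITE_PERMS = {"create", "write", "append", "unlink", "rename", "setattr",
               "add_name", "remove_name"}


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if it is not one."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))}
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["perms"] = m.group(1).split()
    # A context is user:role:type:level; policy rules match on the type.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def suggest_relabel(rec, writable_dir="/path/to/writable/dir"):
    """Suggest a per-directory relabel for httpd write denials on read-only content."""
    blocked = sorted(set(rec["perms"]) & WRITE_PERMS)
    if rec["stype"] != "httpd_t" or rec["ttype"] != "httpd_sys_content_t" or not blocked:
        return None
    # httpd_sys_script_rw_t is the alert's httpd_TYPE_script_rw_t with TYPE = sys.
    # The AVC carries only name=, not a full path, so the directory is a placeholder.
    return f"chcon -R -t httpd_sys_script_rw_t {writable_dir}"


if __name__ == "__main__":
    rec = parse_avc(AVC)
    print(rec["stype"], "denied", rec["perms"], "on", rec["tclass"], "labeled", rec["ttype"])
    print(suggest_relabel(rec))
```

A label set with chcon is lost on a full filesystem relabel; recording it with semanage fcontext and applying it with restorecon -R keeps it in the local policy.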