Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: SElinux error #32602

Closed
4 of 8 tasks
Blisk opened this issue May 25, 2022 · 3 comments
Closed
4 of 8 tasks

[Bug]: SElinux error #32602

Blisk opened this issue May 25, 2022 · 3 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug

Comments

@Blisk
Copy link

Blisk commented May 25, 2022

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration/webserver/proxy issue.
  • This issue is not already reported on Github (I've searched it).
  • Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
  • I agree to follow Nextcloud's Code of Conduct.

Bug description

I get error in Log files
May 25 18:53:40 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log. For complete SELinux messages run: sealert -l 6bf34922-3eac-4cf6-97cb-8537c0c7e148
May 25 18:53:40 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log.#012#012***** Plugin catchall_labels (83.8 confidence) suggests **************#12#012If you want to allow php-fpm to have open access on the nextcloud.log file#012Then you need to change the label on /data/nextcloud/nextcloud.log#012Do#012# semanage fcontext -a -t FILE_TYPE '/data/nextcloud/nextcloud.log'#012where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_priv_helper_exec_t, NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_exec_t, abrt_handle_event_exec_t, abrt_helper_exec_t, abrt_retrace_coredump_exec_t, abrt_retrace_spool_t, abrt_retrace_worker_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_run_t, accountsd_exec_t, acct_exec_t, admin_crontab_tmp_t, admin_passwd_exec_t, aide_exec_t, alsa_exec_t, alsa_tmp_t, amanda_exec_t, amanda_recover_exec_t, amanda_tmp_t, amtu_exec_t, anacron_exec_t, anon_inodefs_t, antivirus_exec_t, antivirus_tmp_t, apcupsd_cgi_content_t, apcupsd_cgi_htaccess_t, apcupsd_cgi_ra_content_t, apcupsd_cgi_rw_content_t, apcupsd_cgi_script_exec_t, apcupsd_tmp_t, apm_exec_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_tmp_t, audisp_exec_t, auditadm_sudo_tmp_t, auditctl_exec_t, auditd_tmp_t, authconfig_exec_t, automount_tmp_t, avahi_exec_t, awstats_content_t, awstats_htaccess_t, awstats_ra_content_t, awstats_rw_content_t, awstats_script_exec_t, awstats_tmp_t, bacula_admin_exec_t, bacula_tmp_t, bacula_unconfined_script_exec_t, bin_t, bitlbee_tmp_t, blueman_exec_t, blueman_tmp_t, bluetooth_helper_exec_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_tmp_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_exec_t, bootloader_tmp_t, brctl_exec_t, bugzilla_content_t, bugzilla_htaccess_t, bugzilla_ra_content_t, bugzilla_rw_content_t, bugzilla_script_exec_t, bugzilla_tmp_t, calamaris_exec_t, calamaris_www_t, cardctl_exec_t, cardmgr_dev_t, ccs_tmp_t, cdcc_exec_t, cdcc_tmp_t, cdrecord_exec_t, cert_t, certmonger_tmp_t, certmonger_unconfined_exec_t, certwatch_exec_t, cgroup_t, checkpc_exec_t, checkpolicy_exec_t, chfn_exec_t, chkpwd_exec_t, chrome_sandbox_exec_t, chrome_sandbox_nacl_exec_t, chrome_sandbox_tmp_t, chronyc_exec_t, chronyd_tmp_t, cinder_api_tmp_t, cinder_backup_tmp_t, cinder_scheduler_tmp_t, cinder_volume_tmp_t, cloud_init_tmp_t, cluster_conf_t, cluster_tmp_t, cluster_var_lib_t, cluster_var_run_t, cobbler_etc_t, cobbler_tmp_t, cobbler_var_lib_t, cockpit_tmp_t, cockpit_tmpfs_t, collectd_content_t, collectd_htaccess_t, collectd_ra_content_t, collectd_rw_content_t, collectd_script_exec_t, collectd_script_tmp_t, colord_exec_t, colord_tmp_t, comsat_tmp_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, conman_tmp_t, conman_unconfined_script_exec_t, conmon_exec_t, consolehelper_exec_t, consolekit_exec_t, container_runtime_tmp_t, couchdb_tmp_t, courier_exec_t, cpu_online_t, cpucontrol_exec_t, cpufreqselector_exec_t, cpuspeed_exec_t, crack_exec_t, crack_tmp_t, crond_tmp_t, crontab_exec_t, crontab_tmp_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_config_exec_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_content_t, cvs_data_t, cvs_exec_t, cvs_htaccess_t, cvs_ra_content_t, cvs_rw_content_t, cvs_script_exec_t, cvs_tmp_t, cyphesis_exec_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dbusd_etc_t, dbusd_exec_t, dcc_client_exec_t, dcc_client_tmp_t, dcc_dbclean_exec_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_tmp_t, debuginfo_exec_t, deltacloudd_tmp_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, devicekit_tmp_t, dhcpc_exec_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_config_t, dirsrv_share_t, dirsrv_tmp_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_content_t, dirsrvadmin_htaccess_t, dirsrvadmin_ra_content_t, dirsrvadmin_rw_content_t, dirsrvadmin_script_exec_t, dirsrvadmin_tmp_t, dirsrvadmin_unconfined_script_exec_t, disk_munin_plugin_exec_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, dmesg_exec_t, dmidecode_exec_t, dnsmasq_tmp_t, dnssec_trigger_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, drbd_tmp_t, dspam_content_t, dspam_htaccess_t, dspam_ra_content_t, dspam_rw_content_t, dspam_script_exec_t, efivarfs_t, etc_runtime_t, etc_t, exim_exec_t, exim_tmp_t, fail2ban_client_exec_t, fail2ban_tmp_t, fail2ban_var_lib_t, fenced_tmp_t, fetchmail_exec_t, file_context_t, firewalld_exec_t, firewalld_tmp_t, firewallgui_exec_t, firewallgui_tmp_t, firstboot_exec_t, flatpak_helper_exec_t, fonts_cache_t, fonts_t, fprintd_exec_t, fprintd_tmp_t, freqset_exec_t, fsadm_exec_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_exec_t, ftpdctl_tmp_t, fwupd_exec_t, games_exec_t, games_tmp_t, games_tmpfs_t, gconf_tmp_t, gconfd_exec_t, gconfdefaultsm_exec_t, geoclue_exec_t, geoclue_tmp_t, getty_exec_t, getty_tmp_t, git_content_t, git_htaccess_t, git_ra_content_t, git_rw_content_t, git_script_exec_t, git_script_tmp_t, git_sys_content_t, gitd_exec_t, gitosis_exec_t, gitosis_var_lib_t, gkeyringd_exec_t, gkeyringd_tmp_t, glance_registry_tmp_t, glance_tmp_t, gnomesystemmm_exec_t, gpg_agent_exec_t, gpg_agent_tmp_t, gpg_agent_tmpfs_t, gpg_exec_t, gpg_helper_exec_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_tmp_t, gpsd_exec_t, groupadd_exec_t, gssd_tmp_t, hostname_etc_t, hostname_exec_t, hsqldb_tmp_t, httpd_cache_t, httpd_config_t, httpd_exec_t, httpd_helper_exec_t, httpd_keytab_t, httpd_lock_t, httpd_log_t, httpd_modules_t, httpd_passwd_exec_t, httpd_php_exec_t, httpd_php_tmp_t, httpd_rotatelogs_exec_t, httpd_squirrelmail_t, httpd_suexec_exec_t, httpd_suexec_tmp_t, httpd_sys_content_t, httpd_sys_htaccess_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, httpd_sys_script_exec_t, httpd_tmp_t, httpd_tmpfs_t, httpd_unconfined_script_exec_t, httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t, httpd_var_lib_t, httpd_var_run_t, hugetlbfs_t, hwclock_exec_t, hwloc_dhwd_exec_t, iceauth_exec_t, icecast_exec_t, ifconfig_exec_t, inetd_child_tmp_t, inetd_tmp_t, init_tmp_t, initrc_tmp_t, insights_client_tmp_t, install_exec_t, iotop_exec_t, ipsec_mgmt_exec_t, ipsec_tmp_t, iptables_exec_t, iptables_tmp_t, irc_exec_t, irssi_exec_t, iscsi_tmp_t, iso9660_t, jetty_cache_t, jetty_log_t, jetty_tmp_t, jetty_unit_file_t, jetty_var_lib_t, jetty_var_run_t, jockey_exec_t, journalctl_exec_t, kadmind_tmp_t, kdump_exec_t, kdumpctl_tmp_t, kdumpgui_exec_t, kdumpgui_tmp_t, keepalived_tmp_t, keepalived_unconfined_script_exec_t, keystone_cgi_content_t, keystone_cgi_htaccess_t, keystone_cgi_ra_content_t, keystone_cgi_rw_content_t, keystone_cgi_script_exec_t, keystone_tmp_t, kismet_exec_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, kmod_exec_t, kmod_tmp_t, kpatch_exec_t, krb5_conf_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_conf_t, krb5kdc_tmp_t, ktalkd_tmp_t, l2tpd_tmp_t, ld_so_cache_t, ld_so_t, ldconfig_exec_t, ldconfig_tmp_t, lib_t, livecd_exec_t, livecd_tmp_t, load_policy_exec_t, loadkeys_exec_t, locale_t, locate_exec_t, lockdev_exec_t, login_exec_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_exec_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_exec_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_exec_t, lsmd_plugin_tmp_t, lvm_exec_t, lvm_tmp_t, machineid_t, mail_munin_plugin_exec_t, mail_munin_plugin_tmp_t, mailman_archive_t, mailman_cgi_exec_t, mailman_cgi_tmp_t, mailman_data_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man2html_content_t, man2html_htaccess_t, man2html_ra_content_t, man2html_rw_content_t, man2html_script_exec_t, man_cache_t, man_t, mandb_cache_t, mcelog_exec_t, mdadm_tmp_t, mediawiki_content_t, mediawiki_htaccess_t, mediawiki_ra_content_t, mediawiki_rw_content_t, mediawiki_script_exec_t, mediawiki_tmp_t, mencoder_exec_t, mirrormanager_exec_t, mirrormanager_log_t, mirrormanager_var_lib_t, mirrormanager_var_run_t, mock_build_exec_t, mock_exec_t, mock_tmp_t, modemmanager_exec_t, mojomojo_content_t, mojomojo_htaccess_t, mojomojo_ra_content_t, mojomojo_rw_content_t, mojomojo_script_exec_t, mojomojo_tmp_t, mongod_tmp_t, mount_ecryptfs_exec_t, mount_exec_t, mount_
May 25 18:53:43 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log. For complete SELinux messages run: sealert -l 6bf34922-3eac-4cf6-97cb-8537c0c7e148
May 25 18:53:43 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log.#012#012
Plugin catchall_labels (83.8 confidence) suggests **************#12#012If you want to allow php-fpm to have open access on the nextcloud.log file#012Then you need to change the label on /data/nextcloud/nextcloud.log#012Do#012# semanage fcontext -a -t FILE_TYPE '/data/nextcloud/nextcloud.log'#012where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_priv_helper_exec_t, NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_exec_t, abrt_handle_event_exec_t, abrt_helper_exec_t, abrt_retrace_coredump_exec_t, abrt_retrace_spool_t, abrt_retrace_worker_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_run_t, accountsd_exec_t, acct_exec_t, admin_crontab_tmp_t, admin_passwd_exec_t, aide_exec_t, alsa_exec_t, alsa_tmp_t, amanda_exec_t, amanda_recover_exec_t, amanda_tmp_t, amtu_exec_t, anacron_exec_t, anon_inodefs_t, antivirus_exec_t, antivirus_tmp_t, apcupsd_cgi_content_t, apcupsd_cgi_htaccess_t, apcupsd_cgi_ra_content_t, apcupsd_cgi_rw_content_t, apcupsd_cgi_script_exec_t, apcupsd_tmp_t, apm_exec_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_tmp_t, audisp_exec_t, auditadm_sudo_tmp_t, auditctl_exec_t, auditd_tmp_t, authconfig_exec_t, automount_tmp_t, avahi_exec_t, awstats_content_t, awstats_htaccess_t, awstats_ra_content_t, awstats_rw_content_t, awstats_script_exec_t, awstats_tmp_t, bacula_admin_exec_t, bacula_tmp_t, bacula_unconfined_script_exec_t, bin_t, bitlbee_tmp_t, blueman_exec_t, blueman_tmp_t, bluetooth_helper_exec_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_tmp_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_exec_t, bootloader_tmp_t, brctl_exec_t, bugzilla_content_t, bugzilla_htaccess_t, bugzilla_ra_content_t, bugzilla_rw_content_t, bugzilla_script_exec_t, bugzilla_tmp_t, calamaris_exec_t, calamaris_www_t, cardctl_exec_t, cardmgr_dev_t, ccs_tmp_t, cdcc_exec_t, cdcc_tmp_t, cdrecord_exec_t, cert_t, certmonger_tmp_t, certmonger_unconfined_exec_t, certwatch_exec_t, cgroup_t, checkpc_exec_t, checkpolicy_exec_t, chfn_exec_t, chkpwd_exec_t, chrome_sandbox_exec_t, chrome_sandbox_nacl_exec_t, chrome_sandbox_tmp_t, chronyc_exec_t, chronyd_tmp_t, cinder_api_tmp_t, cinder_backup_tmp_t, cinder_scheduler_tmp_t, cinder_volume_tmp_t, cloud_init_tmp_t, cluster_conf_t, cluster_tmp_t, cluster_var_lib_t, cluster_var_run_t, cobbler_etc_t, cobbler_tmp_t, cobbler_var_lib_t, cockpit_tmp_t, cockpit_tmpfs_t, collectd_content_t, collectd_htaccess_t, collectd_ra_content_t, collectd_rw_content_t, collectd_script_exec_t, collectd_script_tmp_t, colord_exec_t, colord_tmp_t, comsat_tmp_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, conman_tmp_t, conman_unconfined_script_exec_t, conmon_exec_t, consolehelper_exec_t, consolekit_exec_t, container_runtime_tmp_t, couchdb_tmp_t, courier_exec_t, cpu_online_t, cpucontrol_exec_t, cpufreqselector_exec_t, cpuspeed_exec_t, crack_exec_t, crack_tmp_t, crond_tmp_t, crontab_exec_t, crontab_tmp_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_config_exec_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_content_t, cvs_data_t, cvs_exec_t, cvs_htaccess_t, cvs_ra_content_t, cvs_rw_content_t, cvs_script_exec_t, cvs_tmp_t, cyphesis_exec_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dbusd_etc_t, dbusd_exec_t, dcc_client_exec_t, dcc_client_tmp_t, dcc_dbclean_exec_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_tmp_t, debuginfo_exec_t, deltacloudd_tmp_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, devicekit_tmp_t, dhcpc_exec_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_config_t, dirsrv_share_t, dirsrv_tmp_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_content_t, dirsrvadmin_htaccess_t, dirsrvadmin_ra_content_t, dirsrvadmin_rw_content_t, dirsrvadmin_script_exec_t, dirsrvadmin_tmp_t, dirsrvadmin_unconfined_script_exec_t, disk_munin_plugin_exec_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, dmesg_exec_t, dmidecode_exec_t, dnsmasq_tmp_t, dnssec_trigger_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, drbd_tmp_t, dspam_content_t, dspam_htaccess_t, dspam_ra_content_t, dspam_rw_content_t, dspam_script_exec_t, efivarfs_t, etc_runtime_t, etc_t, exim_exec_t, exim_tmp_t, fail2ban_client_exec_t, fail2ban_tmp_t, fail2ban_var_lib_t, fenced_tmp_t, fetchmail_exec_t, file_context_t, firewalld_exec_t, firewalld_tmp_t, firewallgui_exec_t, firewallgui_tmp_t, firstboot_exec_t, flatpak_helper_exec_t, fonts_cache_t, fonts_t, fprintd_exec_t, fprintd_tmp_t, freqset_exec_t, fsadm_exec_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_exec_t, ftpdctl_tmp_t, fwupd_exec_t, games_exec_t, games_tmp_t, games_tmpfs_t, gconf_tmp_t, gconfd_exec_t, gconfdefaultsm_exec_t, geoclue_exec_t, geoclue_tmp_t, getty_exec_t, getty_tmp_t, git_content_t, git_htaccess_t, git_ra_content_t, git_rw_content_t, git_script_exec_t, git_script_tmp_t, git_sys_content_t, gitd_exec_t, gitosis_exec_t, gitosis_var_lib_t, gkeyringd_exec_t, gkeyringd_tmp_t, glance_registry_tmp_t, glance_tmp_t, gnomesystemmm_exec_t, gpg_agent_exec_t, gpg_agent_tmp_t, gpg_agent_tmpfs_t, gpg_exec_t, gpg_helper_exec_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_tmp_t, gpsd_exec_t, groupadd_exec_t, gssd_tmp_t, hostname_etc_t, hostname_exec_t, hsqldb_tmp_t, httpd_cache_t, httpd_config_t, httpd_exec_t, httpd_helper_exec_t, httpd_keytab_t, httpd_lock_t, httpd_log_t, httpd_modules_t, httpd_passwd_exec_t, httpd_php_exec_t, httpd_php_tmp_t, httpd_rotatelogs_exec_t, httpd_squirrelmail_t, httpd_suexec_exec_t, httpd_suexec_tmp_t, httpd_sys_content_t, httpd_sys_htaccess_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, httpd_sys_script_exec_t, httpd_tmp_t, httpd_tmpfs_t, httpd_unconfined_script_exec_t, httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t, httpd_var_lib_t, httpd_var_run_t, hugetlbfs_t, hwclock_exec_t, hwloc_dhwd_exec_t, iceauth_exec_t, icecast_exec_t, ifconfig_exec_t, inetd_child_tmp_t, inetd_tmp_t, init_tmp_t, initrc_tmp_t, insights_client_tmp_t, install_exec_t, iotop_exec_t, ipsec_mgmt_exec_t, ipsec_tmp_t, iptables_exec_t, iptables_tmp_t, irc_exec_t, irssi_exec_t, iscsi_tmp_t, iso9660_t, jetty_cache_t, jetty_log_t, jetty_tmp_t, jetty_unit_file_t, jetty_var_lib_t, jetty_var_run_t, jockey_exec_t, journalctl_exec_t, kadmind_tmp_t, kdump_exec_t, kdumpctl_tmp_t, kdumpgui_exec_t, kdumpgui_tmp_t, keepalived_tmp_t, keepalived_unconfined_script_exec_t, keystone_cgi_content_t, keystone_cgi_htaccess_t, keystone_cgi_ra_content_t, keystone_cgi_rw_content_t, keystone_cgi_script_exec_t, keystone_tmp_t, kismet_exec_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, kmod_exec_t, kmod_tmp_t, kpatch_exec_t, krb5_conf_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_conf_t, krb5kdc_tmp_t, ktalkd_tmp_t, l2tpd_tmp_t, ld_so_cache_t, ld_so_t, ldconfig_exec_t, ldconfig_tmp_t, lib_t, livecd_exec_t, livecd_tmp_t, load_policy_exec_t, loadkeys_exec_t, locale_t, locate_exec_t, lockdev_exec_t, login_exec_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_exec_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_exec_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_exec_t, lsmd_plugin_tmp_t, lvm_exec_t, lvm_tmp_t, machineid_t, mail_munin_plugin_exec_t, mail_munin_plugin_tmp_t, mailman_archive_t, mailman_cgi_exec_t, mailman_cgi_tmp_t, mailman_data_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man2html_content_t, man2html_htaccess_t, man2html_ra_content_t, man2html_rw_content_t, man2html_script_exec_t, man_cache_t, man_t, mandb_cache_t, mcelog_exec_t, mdadm_tmp_t, mediawiki_content_t, mediawiki_htaccess_t, mediawiki_ra_content_t, mediawiki_rw_content_t, mediawiki_script_exec_t, mediawiki_tmp_t, mencoder_exec_t, mirrormanager_exec_t, mirrormanager_log_t, mirrormanager_var_lib_t, mirrormanager_var_run_t, mock_build_exec_t, mock_exec_t, mock_tmp_t, modemmanager_exec_t, mojomojo_content_t, mojomojo_htaccess_t, mojomojo_ra_content_t, mojomojo_rw_content_t, mojomojo_script_exec_t, mojomojo_tmp_t, mongod_tmp_t, mount_ecryptfs_exec_t, mount_exec_t, mount_
May 25 18:53:46 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log. For complete SELinux messages run: sealert -l 6bf34922-3eac-4cf6-97cb-8537c0c7e148
May 25 18:53:46 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log.#012#012
Plugin catchall_labels (83.8 confidence) suggests *******************#12#012If you want to allow php-fpm to have open access on the nextcloud.log file#012Then you need to change the label on /data/nextcloud/nextcloud.log#012Do#012# semanage fcontext -a -t FILE_TYPE '/data/nextcloud/nextcloud.log'#012where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_priv_helper_exec_t, NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_exec_t, abrt_handle_event_exec_t, abrt_helper_exec_t, abrt_retrace_coredump_exec_t, abrt_retrace_spool_t, abrt_retrace_worker_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_run_t, accountsd_exec_t, acct_exec_t, admin_crontab_tmp_t, admin_passwd_exec_t, aide_exec_t, alsa_exec_t, alsa_tmp_t, amanda_exec_t, amanda_recover_exec_t, amanda_tmp_t, amtu_exec_t, anacron_exec_t, anon_inodefs_t, antivirus_exec_t, antivirus_tmp_t, apcupsd_cgi_content_t, apcupsd_cgi_htaccess_t, apcupsd_cgi_ra_content_t, apcupsd_cgi_rw_content_t, apcupsd_cgi_script_exec_t, apcupsd_tmp_t, apm_exec_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_tmp_t, audisp_exec_t, auditadm_sudo_tmp_t, auditctl_exec_t, auditd_tmp_t, authconfig_exec_t, automount_tmp_t, avahi_exec_t, awstats_content_t, awstats_htaccess_t, awstats_ra_content_t, awstats_rw_content_t, awstats_script_exec_t, awstats_tmp_t, bacula_admin_exec_t, bacula_tmp_t, bacula_unconfined_script_exec_t, bin_t, bitlbee_tmp_t, blueman_exec_t, blueman_tmp_t, bluetooth_helper_exec_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_tmp_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_exec_t, bootloader_tmp_t, brctl_exec_t, bugzilla_content_t, bugzilla_htaccess_t, bugzilla_ra_content_t, bugzilla_rw_content_t, bugzilla_script_exec_t, bugzilla_tmp_t, calamaris_exec_t, calamaris_www_t, cardctl_exec_t, cardmgr_dev_t, ccs_tmp_t, cdcc_exec_t, cdcc_tmp_t, cdrecord_exec_t, cert_t, certmonger_tmp_t, certmonger_unconfined_exec_t, certwatch_exec_t, cgroup_t, checkpc_exec_t, checkpolicy_exec_t, chfn_exec_t, chkpwd_exec_t, chrome_sandbox_exec_t, chrome_sandbox_nacl_exec_t, chrome_sandbox_tmp_t, chronyc_exec_t, chronyd_tmp_t, cinder_api_tmp_t, cinder_backup_tmp_t, cinder_scheduler_tmp_t, cinder_volume_tmp_t, cloud_init_tmp_t, cluster_conf_t, cluster_tmp_t, cluster_var_lib_t, cluster_var_run_t, cobbler_etc_t, cobbler_tmp_t, cobbler_var_lib_t, cockpit_tmp_t, cockpit_tmpfs_t, collectd_content_t, collectd_htaccess_t, collectd_ra_content_t, collectd_rw_content_t, collectd_script_exec_t, collectd_script_tmp_t, colord_exec_t, colord_tmp_t, comsat_tmp_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, conman_tmp_t, conman_unconfined_script_exec_t, conmon_exec_t, consolehelper_exec_t, consolekit_exec_t, container_runtime_tmp_t, couchdb_tmp_t, courier_exec_t, cpu_online_t, cpucontrol_exec_t, cpufreqselector_exec_t, cpuspeed_exec_t, crack_exec_t, crack_tmp_t, crond_tmp_t, crontab_exec_t, crontab_tmp_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_config_exec_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_content_t, cvs_data_t, cvs_exec_t, cvs_htaccess_t, cvs_ra_content_t, cvs_rw_content_t, cvs_script_exec_t, cvs_tmp_t, cyphesis_exec_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dbusd_etc_t, dbusd_exec_t, dcc_client_exec_t, dcc_client_tmp_t, dcc_dbclean_exec_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_tmp_t, debuginfo_exec_t, deltacloudd_tmp_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, devicekit_tmp_t, dhcpc_exec_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_config_t, dirsrv_share_t, dirsrv_tmp_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_content_t, dirsrvadmin_htaccess_t, dirsrvadmin_ra_content_t, dirsrvadmin_rw_content_t, dirsrvadmin_script_exec_t, dirsrvadmin_tmp_t, dirsrvadmin_unconfined_script_exec_t, disk_munin_plugin_exec_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, dmesg_exec_t, dmidecode_exec_t, dnsmasq_tmp_t, dnssec_trigger_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, drbd_tmp_t, dspam_content_t, dspam_htaccess_t, dspam_ra_content_t, dspam_rw_content_t, dspam_script_exec_t, efivarfs_t, etc_runtime_t, etc_t, exim_exec_t, exim_tmp_t, fail2ban_client_exec_t, fail2ban_tmp_t, fail2ban_var_lib_t, fenced_tmp_t, fetchmail_exec_t, file_context_t, firewalld_exec_t, firewalld_tmp_t, firewallgui_exec_t, firewallgui_tmp_t, firstboot_exec_t, flatpak_helper_exec_t, fonts_cache_t, fonts_t, fprintd_exec_t, fprintd_tmp_t, freqset_exec_t, fsadm_exec_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_exec_t, ftpdctl_tmp_t, fwupd_exec_t, games_exec_t, games_tmp_t, games_tmpfs_t, gconf_tmp_t, gconfd_exec_t, gconfdefaultsm_exec_t, geoclue_exec_t, geoclue_tmp_t, getty_exec_t, getty_tmp_t, git_content_t, git_htaccess_t, git_ra_content_t, git_rw_content_t, git_script_exec_t, git_script_tmp_t, git_sys_content_t, gitd_exec_t, gitosis_exec_t, gitosis_var_lib_t, gkeyringd_exec_t, gkeyringd_tmp_t, glance_registry_tmp_t, glance_tmp_t, gnomesystemmm_exec_t, gpg_agent_exec_t, gpg_agent_tmp_t, gpg_agent_tmpfs_t, gpg_exec_t, gpg_helper_exec_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_tmp_t, gpsd_exec_t, groupadd_exec_t, gssd_tmp_t, hostname_etc_t, hostname_exec_t, hsqldb_tmp_t, httpd_cache_t, httpd_config_t, httpd_exec_t, httpd_helper_exec_t, httpd_keytab_t, httpd_lock_t, httpd_log_t, httpd_modules_t, httpd_passwd_exec_t, httpd_php_exec_t, httpd_php_tmp_t, httpd_rotatelogs_exec_t, httpd_squirrelmail_t, httpd_suexec_exec_t, httpd_suexec_tmp_t, httpd_sys_content_t, httpd_sys_htaccess_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, httpd_sys_script_exec_t, httpd_tmp_t, httpd_tmpfs_t, httpd_unconfined_script_exec_t, httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t, httpd_var_lib_t, httpd_var_run_t, hugetlbfs_t, hwclock_exec_t, hwloc_dhwd_exec_t, iceauth_exec_t, icecast_exec_t, ifconfig_exec_t, inetd_child_tmp_t, inetd_tmp_t, init_tmp_t, initrc_tmp_t, insights_client_tmp_t, install_exec_t, iotop_exec_t, ipsec_mgmt_exec_t, ipsec_tmp_t, iptables_exec_t, iptables_tmp_t, irc_exec_t, irssi_exec_t, iscsi_tmp_t, iso9660_t, jetty_cache_t, jetty_log_t, jetty_tmp_t, jetty_unit_file_t, jetty_var_lib_t, jetty_var_run_t, jockey_exec_t, journalctl_exec_t, kadmind_tmp_t, kdump_exec_t, kdumpctl_tmp_t, kdumpgui_exec_t, kdumpgui_tmp_t, keepalived_tmp_t, keepalived_unconfined_script_exec_t, keystone_cgi_content_t, keystone_cgi_htaccess_t, keystone_cgi_ra_content_t, keystone_cgi_rw_content_t, keystone_cgi_script_exec_t, keystone_tmp_t, kismet_exec_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, kmod_exec_t, kmod_tmp_t, kpatch_exec_t, krb5_conf_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_conf_t, krb5kdc_tmp_t, ktalkd_tmp_t, l2tpd_tmp_t, ld_so_cache_t, ld_so_t, ldconfig_exec_t, ldconfig_tmp_t, lib_t, livecd_exec_t, livecd_tmp_t, load_policy_exec_t, loadkeys_exec_t, locale_t, locate_exec_t, lockdev_exec_t, login_exec_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_exec_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_exec_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_exec_t, lsmd_plugin_tmp_t, lvm_exec_t, lvm_tmp_t, machineid_t, mail_munin_plugin_exec_t, mail_munin_plugin_tmp_t, mailman_archive_t, mailman_cgi_exec_t, mailman_cgi_tmp_t, mailman_data_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man2html_content_t, man2html_htaccess_t, man2html_ra_content_t, man2html_rw_content_t, man2html_script_exec_t, man_cache_t, man_t, mandb_cache_t, mcelog_exec_t, mdadm_tmp_t, mediawiki_content_t, mediawiki_htaccess_t, mediawiki_ra_content_t, mediawiki_rw_content_t, mediawiki_script_exec_t, mediawiki_tmp_t, mencoder_exec_t, mirrormanager_exec_t, mirrormanager_log_t, mirrormanager_var_lib_t, mirrormanager_var_run_t, mock_build_exec_t, mock_exec_t, mock_tmp_t, modemmanager_exec_t, mojomojo_content_t, mojomojo_htaccess_t, mojomojo_ra_content_t, mojomojo_rw_content_t, mojomojo_script_exec_t, mojomojo_tmp_t, mongod_tmp_t, mount_ecryptfs_exec_t, mount_exec_t, mount_

Steps to reproduce

refresh web page

Expected behavior

no errors in log

Installation method

No response

Operating system

No response

PHP engine version

No response

Web server

No response

Database engine version

No response

Is this bug present after an update or on a fresh install?

No response

Are you using the Nextcloud Server Encryption module?

No response

What user-backends are you using?

  • Default user-backend (database)
  • LDAP/ Active Directory
  • SSO - SAML
  • Other

Configuration report

No response

List of activated Apps

I run all of this and error still persist
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'

restorecon -Rv '/var/www/html/nextcloud/'

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

@Blisk Blisk added 0. Needs triage Pending check for reproducibility or if it fits our roadmap bug labels May 25, 2022
@l00v3
Copy link

l00v3 commented May 26, 2022

I would say that this is not really a bug, but a custom configuration issue, as you have custom data path.
I did not try it, but I have a similar configuration and you should add something like this:

semanage fcontext -a -t httpd_sys_rw_content_t '/data/nextcloud(/.*)?'
restorecon -Rv '/data/nextcloud/'

@Blisk
Copy link
Author

Blisk commented May 26, 2022

thank you this now solve a problem.

@l00v3
Copy link

l00v3 commented May 26, 2022

Please close the issue if it's solved : )

@Blisk Blisk closed this as completed May 26, 2022
@Blisk Blisk closed this as not planned Won't fix, can't repro, duplicate, stale Jun 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap bug
Projects
None yet
Development

No branches or pull requests

2 participants