I have a problem with SELinux privileges with Docker. In Docker I run mailcow, but now I have a blank screen and it looks like it might be a problem with privileges.
Because the diagnostic says this:
SELinux is preventing /usr/local/bin/php from read access on the file /web/inc/init_db.inc.php.
Audit log:
type=AVC msg=audit(1676319004.771:1087): avc: denied { read } for pid=14555 comm="php-fpm" name="init_db.inc.php" dev="dm-0" ino=135058961 scontext=system_u:system_r:container_t:s0:c706,c972 tcontext=system_u:object_r:container_file_t:s0:c89,c575 tclass=file permissive=0
type=SYSCALL msg=audit(1676319004.771:1087): arch=c000003e syscall=2 success=no exit=-13 a0=7fffc4e15850 a1=8000 a2=0 a3=0 items=1 ppid=6637 pid=14555 auid=4294967295 uid=82 gid=82 euid=82 suid=82 fsuid=82 egid=82 sgid=82 fsgid=82 tty=(none) ses=4294967295 comm="php-fpm" exe="/usr/local/sbin/php-fpm" subj=system_u:system_r:container_t:s0:c706,c972 key=(null)
type=CWD msg=audit(1676319004.771:1087): cwd="/web"
type=PATH msg=audit(1676319004.771:1087): item=0 name="/web/inc/init_db.inc.php" inode=135058961 dev=fd:00 mode=0100666 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:container_file_t:s0:c89,c575 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0
How can I solve it?
This is what I tried:
ausearch -c 'php' --raw | audit2allow -M my-php
semodule -X 300 -i my-php.pp
and the results are:
compilation failed:
my-php.te:15:ERROR 'syntax error' at token 'mlsconstrain' on line 15:
# mlsconstrain file { ioctl read lock execute execute_no_trans } ((h1 dom h2 -Fail-) or (t1 != mcs_constrained_type -Fail-) ); Constraint DENIED
mlsconstrain file { write setattr append unlink link rename } ((h1 dom h2 -Fail-) or (t1 != mcs_constrained_type -Fail-) ); Constraint DENIED
/usr/bin/checkmodule: error(s) encountered while parsing configuration
[root@rhel ~]# semodule -X 300 -i my-php.pp
libsemanage.map_compressed_file: Unable to open my-php.pp
(No such file or directory).
libsemanage.semanage_direct_install_file: Unable to read file my-php.pp
(No such file or directory).
semodule: Failed on my-php.pp!
Same issue inside RHEL 9.1 with SELinux enabled. I also installed Docker with mailcow, but I tried these commands and they didn't help me.
Did I do something wrong? Inside the terminal, logged in as the root user:
cd /opt/mailcow-dockerized/
setenforce 0
./update.sh
setenforce 1
but I still encountered the problem:
SELinux is preventing /usr/local/bin/php from read access on the file /web/inc/init_db.inc.php.
Okay, after 30 min the solution helped, but I also had a problem with the admin blank page, so to fix both I did this:
nano /opt/mailcow-dockerized/data/Dockerfiles/phpfpm/docker-entrypoint.sh
Inside the file, at the bottom, I added:
mkdir data/web/templates/cache
so it looks like this:
# Fix permissions on twig cache folder
mkdir data/web/templates/cache
chown -R 82:82 /web/templates/cache
# Clear cache
find /web/templates/cache/* -not -name '.gitkeep' -delete
Exit nano and save, then:
cd /opt/mailcow-dockerized/
setenforce 0
./update.sh
# inside the update process I said yes to everything
# also, after the update finished, I ran:
docker system prune
# then, when that was done:
setenforce 1
reboot
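The denial quoted in the question is worth reading closely before reaching for audit2allow. The process context is container_t:s0:c706,c972 and the file context is container_file_t:s0:c89,c575: same types, different MCS categories. Reads by an MCS-constrained type such as container_t are gated by the mlsconstrain that audit2allow printed in its error, which requires the process level to dominate the file level. An allow rule cannot override a constraint, which is why the generated module fails to compile and would not help even if it did. The usual cause is a volume that was labelled with one container's private categories (the :Z mount option) and is then read by a container that received different categories, for instance after a rebuild. The script below is an added example, not part of the original question and not mailcow's own code; it takes AVC lines (the first sample is the one from the question, the others are constructed here) and reports whether the denial is this category mismatch, a plain type denial, or something else. It assumes a single sensitivity s0 and comma-separated categories, so category ranges such as c0.c1023 are not handled.

```shell
#!/bin/sh
# Added example: classify SELinux AVC denials from audit.log by comparing the
# MCS categories of the source and target contexts. Not from the original post.

# The first line is the denial quoted in the question; the other two are
# constructed for this example.
SAMPLE_DENIAL='type=AVC msg=audit(1676319004.771:1087): avc: denied { read } for pid=14555 comm="php-fpm" name="init_db.inc.php" dev="dm-0" ino=135058961 scontext=system_u:system_r:container_t:s0:c706,c972 tcontext=system_u:object_r:container_file_t:s0:c89,c575 tclass=file permissive=0'
# Constructed: same file after a shared (:z) relabel, i.e. no categories on the file.
SAMPLE_SHARED='type=AVC msg=audit(1676319100.000:1090): avc: denied { read } for pid=14600 comm="php-fpm" name="init_db.inc.php" dev="dm-0" ino=135058961 scontext=system_u:system_r:container_t:s0:c706,c972 tcontext=system_u:object_r:container_file_t:s0 tclass=file permissive=0'
# Constructed: an unrelated denial that is not a container MCS case.
SAMPLE_OTHER='type=AVC msg=audit(1676319200.000:1095): avc: denied { read } for pid=2001 comm="httpd" name="index.html" dev="dm-0" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# Third field of a context is the SELinux type (user:role:type:level).
se_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Everything from the fourth field on is the MCS level, e.g. "s0:c706,c972" or "s0".
mcs_level() {
    printf '%s\n' "$1" | cut -d: -f4-
}

# Return 0 when level $1 dominates level $2: every category of $2 must be
# present in $1. A file with plain "s0" (no categories) is dominated by any level.
dominates() {
    hi=${1#s0}; hi=${hi#:}
    lo=${2#s0}; lo=${lo#:}
    [ -z "$lo" ] && return 0
    for c in $(printf '%s\n' "$lo" | tr ',' ' '); do
        case ",$hi," in
            *",$c,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Print one verdict token for an AVC line:
#   mcs-mismatch   container process and container file with non-dominating categories
#   categories-ok  container case where the categories are fine (denial lies elsewhere)
#   other          not a container_t -> container_file_t denial
#   not-avc        no scontext/tcontext fields on the line
# Exit status is 0 only for mcs-mismatch, so the function can be used in a condition.
classify_avc() {
    line=$1
    scontext=$(printf '%s\n' "$line" | sed -n 's/.*scontext=\([^ ]*\).*/\1/p')
    tcontext=$(printf '%s\n' "$line" | sed -n 's/.*tcontext=\([^ ]*\).*/\1/p')
    if [ -z "$scontext" ] || [ -z "$tcontext" ]; then
        echo "not-avc"
        return 2
    fi
    stype=$(se_type "$scontext"); ttype=$(se_type "$tcontext")
    slevel=$(mcs_level "$scontext"); tlevel=$(mcs_level "$tcontext")
    if [ "$stype" = container_t ] && [ "$ttype" = container_file_t ]; then
        if dominates "$slevel" "$tlevel"; then
            echo "categories-ok"
            return 1
        fi
        echo "mcs-mismatch"
        return 0
    fi
    echo "other"
    return 1
}

# Stand-alone run over the three sample lines.
for avc in "$SAMPLE_DENIAL" "$SAMPLE_SHARED" "$SAMPLE_OTHER"; do
    verdict=$(classify_avc "$avc") || true
    printf '%-14s %s\n' "$verdict" "$(printf '%s\n' "$avc" | sed -n 's/.*\(scontext=[^ ]*\).*\(tcontext=[^ ]*\).*/\1 \2/p')"
done
```

In practice you would feed it `ausearch -m AVC --raw` output line by line. When the verdict is mcs-mismatch, the fix is a label change rather than a policy module: either mount the volume so it gets the shared container_file_t:s0 label with no categories (the :z bind-mount option, or `chcon -R -l s0` on the host directory), or make sure the mount is labelled with the categories of the container that actually reads it (:Z applied by that container). Re-running audit2allow on such a denial will keep producing the same mlsconstrain failure.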