How to adjust SELinux to allow not so large file downloads in Apache?

Damian

9/12/23, 10:20 PM

I have a centos 7 server running Apache 2.4 that will happily allow users to download files until they get to a certain size. I've noticed the problem with mp4 video files; I host both low and full resolution files on the site. The low res files are usually less than 5 MB but the full res files can exceed 30 MB. The same script processes and copies them to the website and I can verify all the file permissions are the same. If I change SELinux to setenforce=0 the files will download without issue. While SELinux is enforcing, apache returns a Forbidden error instead.

Any thoughts on what SELinux policy I need to adjust?

0 + 0

selinux

apache-2.4

centos7

tilleyc

9/12/23, 11:34 PM

Look into using audit2allow to see what recommendations it has - it analyzes the actual failures in the audit log to suggest a fix.

Score:0

Server

Damian

9/19/23, 2:52 PM

Thanks for the suggestion to use audit2allow, tilleyc. It turns out the video file was 'mislabeled' on my system and the base type was listed as an 'unlabeld_t'. After using the restorecon command, the files were accessible through the webserver. I'll have to do a little more testing to see why the error initially happened but audit2allow pointed me in the right direction. Thanks!

0 + 0

Matthew Ife

9/19/23, 3:32 PM

I'm going with the idea here that when the file is below a certain file size, it is stored in memory. At a certain limit, the file upload code switches to storing the data in a tmp file on disk somewhere -- this is where it gets mislabeled.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to adjust SELinux to allow not so large file downloads in Apache?

TH: จะปรับ SELinux ให้ดาวน์โหลดไฟล์ขนาดไม่ใหญ่มากใน Apache ได้อย่างไร?

RO: Cum se ajustează SELinux pentru a permite descărcări de fișiere nu atât de mari în Apache?

RU: Как настроить SELinux, чтобы разрешить загрузку не таких больших файлов в Apache?

VI: Làm cách nào để điều chỉnh SELinux để cho phép tải xuống tệp không quá lớn trong Apache?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.