Symptoms
-
Unable to log in to Horde on Plesk server as it reloads the login page when entering the correct password
-
SELinux is enabled
# getenforce
Enforcing -
The following can be seen in the
/var/log/audit/audit.logfile:type=AVC msg=audit(1603459707.800:2782049): avc: denied { write } for pid=61114 comm="php-cgi" name="proactive.sock" dev="dm-0" ino=1312865 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=sock_file permissive=0
type=SYSCALL msg=audit(1603459707.800:2782049): arch=c000003e syscall=42 success=no exit=-13 a0=7 a1=7ffeb5336030 a2=6e a3=bb items=0 ppid=45029 pid=61114 auid=4294967295 uid=987 gid=1008 euid=987 suid=987 fsuid=987 egid=1008 sgid=1008 fsgid=1008 tty=(none) ses=4294967295 comm="php-cgi" exe="/opt/plesk/php/7.3/bin/php-cgi" subj=system_u:system_r:httpd_sys_script_t:s0 key=(null)
Cause
The directory /var/lib/php/session/ has incorrect SELinux context.
Resolution
Restore the SELinux context:
-
Connect to the server via SSH
-
Restore the SELinux context:
# restorecon -R -v /var/lib/php/session/
-
In case the issue remains, reinstall “psa-selinux” package to reapply Plesk SELinux policies:
# yum reinstall psa-selinux
