[Bug]: SElinux error

[Blisk]

⚠️ This issue respects the following points: ⚠️

• [X] This is a bug, not a question or a configuration/webserver/proxy issue.
• [X] This issue is not already reported on Github (I've searched it).
• [X] Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• [X] I agree to follow Nextcloud's Code of Conduct.

Bug description

I get error in Log files May 25 18:53:40 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log. For complete SELinux messages run: sealert -l 6bf34922-3eac-4cf6-97cb-8537c0c7e148 May 25 18:53:40 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log.#012#012* Plugin catchall_labels (83.8 confidence) suggests ***#012#012If you want to allow php-fpm to have open access on the nextcloud.log file#012Then you need to change the label on /data/nextcloud/nextcloud.log#012Do#012# semanage fcontext -a -t FILE_TYPE '/data/nextcloud/nextcloud.log'#012where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_priv_helper_exec_t, NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_exec_t, abrt_handle_event_exec_t, abrt_helper_exec_t, abrt_retrace_coredump_exec_t, abrt_retrace_spool_t, abrt_retrace_worker_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_run_t, accountsd_exec_t, acct_exec_t, admin_crontab_tmp_t, admin_passwd_exec_t, aide_exec_t, alsa_exec_t, alsa_tmp_t, amanda_exec_t, amanda_recover_exec_t, amanda_tmp_t, amtu_exec_t, anacron_exec_t, anon_inodefs_t, antivirus_exec_t, antivirus_tmp_t, apcupsd_cgi_content_t, apcupsd_cgi_htaccess_t, apcupsd_cgi_ra_content_t, apcupsd_cgi_rw_content_t, apcupsd_cgi_script_exec_t, apcupsd_tmp_t, apm_exec_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_tmp_t, audisp_exec_t, auditadm_sudo_tmp_t, auditctl_exec_t, auditd_tmp_t, authconfig_exec_t, automount_tmp_t, avahi_exec_t, awstats_content_t, awstats_htaccess_t, awstats_ra_content_t, awstats_rw_content_t, awstats_script_exec_t, awstats_tmp_t, bacula_admin_exec_t, bacula_tmp_t, bacula_unconfined_script_exec_t, bin_t, bitlbee_tmp_t, blueman_exec_t, blueman_tmp_t, bluetooth_helper_exec_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_tmp_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_exec_t, bootloader_tmp_t, brctl_exec_t, bugzilla_content_t, bugzilla_htaccess_t, bugzilla_ra_content_t, bugzilla_rw_content_t, bugzilla_script_exec_t, bugzilla_tmp_t, calamaris_exec_t, calamaris_www_t, cardctl_exec_t, cardmgr_dev_t, ccs_tmp_t, cdcc_exec_t, cdcc_tmp_t, cdrecord_exec_t, cert_t, certmonger_tmp_t, certmonger_unconfined_exec_t, certwatch_exec_t, cgroup_t, checkpc_exec_t, checkpolicy_exec_t, chfn_exec_t, chkpwd_exec_t, chrome_sandbox_exec_t, chrome_sandbox_nacl_exec_t, chrome_sandbox_tmp_t, chronyc_exec_t, chronyd_tmp_t, cinder_api_tmp_t, cinder_backup_tmp_t, cinder_scheduler_tmp_t, cinder_volume_tmp_t, cloud_init_tmp_t, cluster_conf_t, cluster_tmp_t, cluster_var_lib_t, cluster_var_run_t, cobbler_etc_t, cobbler_tmp_t, cobbler_var_lib_t, cockpit_tmp_t, cockpit_tmpfs_t, collectd_content_t, collectd_htaccess_t, collectd_ra_content_t, collectd_rw_content_t, collectd_script_exec_t, collectd_script_tmp_t, colord_exec_t, colord_tmp_t, comsat_tmp_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, conman_tmp_t, conman_unconfined_script_exec_t, conmon_exec_t, consolehelper_exec_t, consolekit_exec_t, container_runtime_tmp_t, couchdb_tmp_t, courier_exec_t, cpu_online_t, cpucontrol_exec_t, cpufreqselector_exec_t, cpuspeed_exec_t, crack_exec_t, crack_tmp_t, crond_tmp_t, crontab_exec_t, crontab_tmp_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_config_exec_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_content_t, cvs_data_t, cvs_exec_t, cvs_htaccess_t, cvs_ra_content_t, cvs_rw_content_t, cvs_script_exec_t, cvs_tmp_t, cyphesis_exec_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dbusd_etc_t, dbusd_exec_t, dcc_client_exec_t, dcc_client_tmp_t, dcc_dbclean_exec_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_tmp_t, debuginfo_exec_t, deltacloudd_tmp_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, devicekit_tmp_t, dhcpc_exec_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_config_t, dirsrv_share_t, dirsrv_tmp_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_content_t, dirsrvadmin_htaccess_t, dirsrvadmin_ra_content_t, dirsrvadmin_rw_content_t, dirsrvadmin_script_exec_t, dirsrvadmin_tmp_t, dirsrvadmin_unconfined_script_exec_t, disk_munin_plugin_exec_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, dmesg_exec_t, dmidecode_exec_t, dnsmasq_tmp_t, dnssec_trigger_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, drbd_tmp_t, dspam_content_t, dspam_htaccess_t, dspam_ra_content_t, dspam_rw_content_t, dspam_script_exec_t, efivarfs_t, etc_runtime_t, etc_t, exim_exec_t, exim_tmp_t, fail2ban_client_exec_t, fail2ban_tmp_t, fail2ban_var_lib_t, fenced_tmp_t, fetchmail_exec_t, file_context_t, firewalld_exec_t, firewalld_tmp_t, firewallgui_exec_t, firewallgui_tmp_t, firstboot_exec_t, flatpak_helper_exec_t, fonts_cache_t, fonts_t, fprintd_exec_t, fprintd_tmp_t, freqset_exec_t, fsadm_exec_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_exec_t, ftpdctl_tmp_t, fwupd_exec_t, games_exec_t, games_tmp_t, games_tmpfs_t, gconf_tmp_t, gconfd_exec_t, gconfdefaultsm_exec_t, geoclue_exec_t, geoclue_tmp_t, getty_exec_t, getty_tmp_t, git_content_t, git_htaccess_t, git_ra_content_t, git_rw_content_t, git_script_exec_t, git_script_tmp_t, git_sys_content_t, gitd_exec_t, gitosis_exec_t, gitosis_var_lib_t, gkeyringd_exec_t, gkeyringd_tmp_t, glance_registry_tmp_t, glance_tmp_t, gnomesystemmm_exec_t, gpg_agent_exec_t, gpg_agent_tmp_t, gpg_agent_tmpfs_t, gpg_exec_t, gpg_helper_exec_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_tmp_t, gpsd_exec_t, groupadd_exec_t, gssd_tmp_t, hostname_etc_t, hostname_exec_t, hsqldb_tmp_t, httpd_cache_t, httpd_config_t, httpd_exec_t, httpd_helper_exec_t, httpd_keytab_t, httpd_lock_t, httpd_log_t, httpd_modules_t, httpd_passwd_exec_t, httpd_php_exec_t, httpd_php_tmp_t, httpd_rotatelogs_exec_t, httpd_squirrelmail_t, httpd_suexec_exec_t, httpd_suexec_tmp_t, httpd_sys_content_t, httpd_sys_htaccess_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, httpd_sys_script_exec_t, httpd_tmp_t, httpd_tmpfs_t, httpd_unconfined_script_exec_t, httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t, httpd_var_lib_t, httpd_var_run_t, hugetlbfs_t, hwclock_exec_t, hwloc_dhwd_exec_t, iceauth_exec_t, icecast_exec_t, ifconfig_exec_t, inetd_child_tmp_t, inetd_tmp_t, init_tmp_t, initrc_tmp_t, insights_client_tmp_t, install_exec_t, iotop_exec_t, ipsec_mgmt_exec_t, ipsec_tmp_t, iptables_exec_t, iptables_tmp_t, irc_exec_t, irssi_exec_t, iscsi_tmp_t, iso9660_t, jetty_cache_t, jetty_log_t, jetty_tmp_t, jetty_unit_file_t, jetty_var_lib_t, jetty_var_run_t, jockey_exec_t, journalctl_exec_t, kadmind_tmp_t, kdump_exec_t, kdumpctl_tmp_t, kdumpgui_exec_t, kdumpgui_tmp_t, keepalived_tmp_t, keepalived_unconfined_script_exec_t, keystone_cgi_content_t, keystone_cgi_htaccess_t, keystone_cgi_ra_content_t, keystone_cgi_rw_content_t, keystone_cgi_script_exec_t, keystone_tmp_t, kismet_exec_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, kmod_exec_t, kmod_tmp_t, kpatch_exec_t, krb5_conf_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_conf_t, krb5kdc_tmp_t, ktalkd_tmp_t, l2tpd_tmp_t, ld_so_cache_t, ld_so_t, ldconfig_exec_t, ldconfig_tmp_t, lib_t, livecd_exec_t, livecd_tmp_t, load_policy_exec_t, loadkeys_exec_t, locale_t, locate_exec_t, lockdev_exec_t, login_exec_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_exec_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_exec_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_exec_t, lsmd_plugin_tmp_t, lvm_exec_t, lvm_tmp_t, machineid_t, mail_munin_plugin_exec_t, mail_munin_plugin_tmp_t, mailman_archive_t, mailman_cgi_exec_t, mailman_cgi_tmp_t, mailman_data_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man2html_content_t, man2html_htaccess_t, man2html_ra_content_t, man2html_rw_content_t, man2html_script_exec_t, man_cache_t, man_t, mandb_cache_t, mcelog_exec_t, mdadm_tmp_t, mediawiki_content_t, mediawiki_htaccess_t, mediawiki_ra_content_t, mediawiki_rw_content_t, mediawiki_script_exec_t, mediawiki_tmp_t, mencoder_exec_t, mirrormanager_exec_t, mirrormanager_log_t, mirrormanager_var_lib_t, mirrormanager_var_run_t, mock_build_exec_t, mock_exec_t, mock_tmp_t, modemmanager_exec_t, mojomojo_content_t, mojomojo_htaccess_t, mojomojo_ra_content_t, mojomojo_rw_content_t, mojomojo_script_exec_t, mojomojo_tmp_t, mongod_tmp_t, mount_ecryptfs_exec_t, mount_exect, mount May 25 18:53:43 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log. For complete SELinux messages run: sealert -l 6bf34922-3eac-4cf6-97cb-8537c0c7e148 May 25 18:53:43 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log.#012#012* Plugin catchall_labels (83.8 confidence) suggests ***#012#012If you want to allow php-fpm to have open access on the nextcloud.log file#012Then you need to change the label on /data/nextcloud/nextcloud.log#012Do#012# semanage fcontext -a -t FILE_TYPE '/data/nextcloud/nextcloud.log'#012where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_priv_helper_exec_t, NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_exec_t, abrt_handle_event_exec_t, abrt_helper_exec_t, abrt_retrace_coredump_exec_t, abrt_retrace_spool_t, abrt_retrace_worker_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_run_t, accountsd_exec_t, acct_exec_t, admin_crontab_tmp_t, admin_passwd_exec_t, aide_exec_t, alsa_exec_t, alsa_tmp_t, amanda_exec_t, amanda_recover_exec_t, amanda_tmp_t, amtu_exec_t, anacron_exec_t, anon_inodefs_t, antivirus_exec_t, antivirus_tmp_t, apcupsd_cgi_content_t, apcupsd_cgi_htaccess_t, apcupsd_cgi_ra_content_t, apcupsd_cgi_rw_content_t, apcupsd_cgi_script_exec_t, apcupsd_tmp_t, apm_exec_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_tmp_t, audisp_exec_t, auditadm_sudo_tmp_t, auditctl_exec_t, auditd_tmp_t, authconfig_exec_t, automount_tmp_t, avahi_exec_t, awstats_content_t, awstats_htaccess_t, awstats_ra_content_t, awstats_rw_content_t, awstats_script_exec_t, awstats_tmp_t, bacula_admin_exec_t, bacula_tmp_t, bacula_unconfined_script_exec_t, bin_t, bitlbee_tmp_t, blueman_exec_t, blueman_tmp_t, bluetooth_helper_exec_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_tmp_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_exec_t, bootloader_tmp_t, brctl_exec_t, bugzilla_content_t, bugzilla_htaccess_t, bugzilla_ra_content_t, bugzilla_rw_content_t, bugzilla_script_exec_t, bugzilla_tmp_t, calamaris_exec_t, calamaris_www_t, cardctl_exec_t, cardmgr_dev_t, ccs_tmp_t, cdcc_exec_t, cdcc_tmp_t, cdrecord_exec_t, cert_t, certmonger_tmp_t, certmonger_unconfined_exec_t, certwatch_exec_t, cgroup_t, checkpc_exec_t, checkpolicy_exec_t, chfn_exec_t, chkpwd_exec_t, chrome_sandbox_exec_t, chrome_sandbox_nacl_exec_t, chrome_sandbox_tmp_t, chronyc_exec_t, chronyd_tmp_t, cinder_api_tmp_t, cinder_backup_tmp_t, cinder_scheduler_tmp_t, cinder_volume_tmp_t, cloud_init_tmp_t, cluster_conf_t, cluster_tmp_t, cluster_var_lib_t, cluster_var_run_t, cobbler_etc_t, cobbler_tmp_t, cobbler_var_lib_t, cockpit_tmp_t, cockpit_tmpfs_t, collectd_content_t, collectd_htaccess_t, collectd_ra_content_t, collectd_rw_content_t, collectd_script_exec_t, collectd_script_tmp_t, colord_exec_t, colord_tmp_t, comsat_tmp_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, conman_tmp_t, conman_unconfined_script_exec_t, conmon_exec_t, consolehelper_exec_t, consolekit_exec_t, container_runtime_tmp_t, couchdb_tmp_t, courier_exec_t, cpu_online_t, cpucontrol_exec_t, cpufreqselector_exec_t, cpuspeed_exec_t, crack_exec_t, crack_tmp_t, crond_tmp_t, crontab_exec_t, crontab_tmp_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_config_exec_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_content_t, cvs_data_t, cvs_exec_t, cvs_htaccess_t, cvs_ra_content_t, cvs_rw_content_t, cvs_script_exec_t, cvs_tmp_t, cyphesis_exec_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dbusd_etc_t, dbusd_exec_t, dcc_client_exec_t, dcc_client_tmp_t, dcc_dbclean_exec_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_tmp_t, debuginfo_exec_t, deltacloudd_tmp_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, devicekit_tmp_t, dhcpc_exec_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_config_t, dirsrv_share_t, dirsrv_tmp_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_content_t, dirsrvadmin_htaccess_t, dirsrvadmin_ra_content_t, dirsrvadmin_rw_content_t, dirsrvadmin_script_exec_t, dirsrvadmin_tmp_t, dirsrvadmin_unconfined_script_exec_t, disk_munin_plugin_exec_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, dmesg_exec_t, dmidecode_exec_t, dnsmasq_tmp_t, dnssec_trigger_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, drbd_tmp_t, dspam_content_t, dspam_htaccess_t, dspam_ra_content_t, dspam_rw_content_t, dspam_script_exec_t, efivarfs_t, etc_runtime_t, etc_t, exim_exec_t, exim_tmp_t, fail2ban_client_exec_t, fail2ban_tmp_t, fail2ban_var_lib_t, fenced_tmp_t, fetchmail_exec_t, file_context_t, firewalld_exec_t, firewalld_tmp_t, firewallgui_exec_t, firewallgui_tmp_t, firstboot_exec_t, flatpak_helper_exec_t, fonts_cache_t, fonts_t, fprintd_exec_t, fprintd_tmp_t, freqset_exec_t, fsadm_exec_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_exec_t, ftpdctl_tmp_t, fwupd_exec_t, games_exec_t, games_tmp_t, games_tmpfs_t, gconf_tmp_t, gconfd_exec_t, gconfdefaultsm_exec_t, geoclue_exec_t, geoclue_tmp_t, getty_exec_t, getty_tmp_t, git_content_t, git_htaccess_t, git_ra_content_t, git_rw_content_t, git_script_exec_t, git_script_tmp_t, git_sys_content_t, gitd_exec_t, gitosis_exec_t, gitosis_var_lib_t, gkeyringd_exec_t, gkeyringd_tmp_t, glance_registry_tmp_t, glance_tmp_t, gnomesystemmm_exec_t, gpg_agent_exec_t, gpg_agent_tmp_t, gpg_agent_tmpfs_t, gpg_exec_t, gpg_helper_exec_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_tmp_t, gpsd_exec_t, groupadd_exec_t, gssd_tmp_t, hostname_etc_t, hostname_exec_t, hsqldb_tmp_t, httpd_cache_t, httpd_config_t, httpd_exec_t, httpd_helper_exec_t, httpd_keytab_t, httpd_lock_t, httpd_log_t, httpd_modules_t, httpd_passwd_exec_t, httpd_php_exec_t, httpd_php_tmp_t, httpd_rotatelogs_exec_t, httpd_squirrelmail_t, httpd_suexec_exec_t, httpd_suexec_tmp_t, httpd_sys_content_t, httpd_sys_htaccess_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, httpd_sys_script_exec_t, httpd_tmp_t, httpd_tmpfs_t, httpd_unconfined_script_exec_t, httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t, httpd_var_lib_t, httpd_var_run_t, hugetlbfs_t, hwclock_exec_t, hwloc_dhwd_exec_t, iceauth_exec_t, icecast_exec_t, ifconfig_exec_t, inetd_child_tmp_t, inetd_tmp_t, init_tmp_t, initrc_tmp_t, insights_client_tmp_t, install_exec_t, iotop_exec_t, ipsec_mgmt_exec_t, ipsec_tmp_t, iptables_exec_t, iptables_tmp_t, irc_exec_t, irssi_exec_t, iscsi_tmp_t, iso9660_t, jetty_cache_t, jetty_log_t, jetty_tmp_t, jetty_unit_file_t, jetty_var_lib_t, jetty_var_run_t, jockey_exec_t, journalctl_exec_t, kadmind_tmp_t, kdump_exec_t, kdumpctl_tmp_t, kdumpgui_exec_t, kdumpgui_tmp_t, keepalived_tmp_t, keepalived_unconfined_script_exec_t, keystone_cgi_content_t, keystone_cgi_htaccess_t, keystone_cgi_ra_content_t, keystone_cgi_rw_content_t, keystone_cgi_script_exec_t, keystone_tmp_t, kismet_exec_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, kmod_exec_t, kmod_tmp_t, kpatch_exec_t, krb5_conf_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_conf_t, krb5kdc_tmp_t, ktalkd_tmp_t, l2tpd_tmp_t, ld_so_cache_t, ld_so_t, ldconfig_exec_t, ldconfig_tmp_t, lib_t, livecd_exec_t, livecd_tmp_t, load_policy_exec_t, loadkeys_exec_t, locale_t, locate_exec_t, lockdev_exec_t, login_exec_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_exec_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_exec_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_exec_t, lsmd_plugin_tmp_t, lvm_exec_t, lvm_tmp_t, machineid_t, mail_munin_plugin_exec_t, mail_munin_plugin_tmp_t, mailman_archive_t, mailman_cgi_exec_t, mailman_cgi_tmp_t, mailman_data_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man2html_content_t, man2html_htaccess_t, man2html_ra_content_t, man2html_rw_content_t, man2html_script_exec_t, man_cache_t, man_t, mandb_cache_t, mcelog_exec_t, mdadm_tmp_t, mediawiki_content_t, mediawiki_htaccess_t, mediawiki_ra_content_t, mediawiki_rw_content_t, mediawiki_script_exec_t, mediawiki_tmp_t, mencoder_exec_t, mirrormanager_exec_t, mirrormanager_log_t, mirrormanager_var_lib_t, mirrormanager_var_run_t, mock_build_exec_t, mock_exec_t, mock_tmp_t, modemmanager_exec_t, mojomojo_content_t, mojomojo_htaccess_t, mojomojo_ra_content_t, mojomojo_rw_content_t, mojomojo_script_exec_t, mojomojo_tmp_t, mongod_tmp_t, mount_ecryptfs_exec_t, mount_exect, mount May 25 18:53:46 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log. For complete SELinux messages run: sealert -l 6bf34922-3eac-4cf6-97cb-8537c0c7e148 May 25 18:53:46 nextcloud setroubleshoot[3077]: SELinux is preventing /usr/sbin/php-fpm from open access on the file /data/nextcloud/nextcloud.log.#012#012* Plugin catchall_labels (83.8 confidence) suggests ***#012#012If you want to allow php-fpm to have open access on the nextcloud.log file#012Then you need to change the label on /data/nextcloud/nextcloud.log#012Do#012# semanage fcontext -a -t FILE_TYPE '/data/nextcloud/nextcloud.log'#012where FILE_TYPE is one of the following: NetworkManager_exec_t, NetworkManager_priv_helper_exec_t, NetworkManager_tmp_t, abrt_dump_oops_exec_t, abrt_etc_t, abrt_exec_t, abrt_handle_event_exec_t, abrt_helper_exec_t, abrt_retrace_coredump_exec_t, abrt_retrace_spool_t, abrt_retrace_worker_exec_t, abrt_tmp_t, abrt_upload_watch_tmp_t, abrt_var_cache_t, abrt_var_run_t, accountsd_exec_t, acct_exec_t, admin_crontab_tmp_t, admin_passwd_exec_t, aide_exec_t, alsa_exec_t, alsa_tmp_t, amanda_exec_t, amanda_recover_exec_t, amanda_tmp_t, amtu_exec_t, anacron_exec_t, anon_inodefs_t, antivirus_exec_t, antivirus_tmp_t, apcupsd_cgi_content_t, apcupsd_cgi_htaccess_t, apcupsd_cgi_ra_content_t, apcupsd_cgi_rw_content_t, apcupsd_cgi_script_exec_t, apcupsd_tmp_t, apm_exec_t, apmd_tmp_t, arpwatch_tmp_t, asterisk_tmp_t, audisp_exec_t, auditadm_sudo_tmp_t, auditctl_exec_t, auditd_tmp_t, authconfig_exec_t, automount_tmp_t, avahi_exec_t, awstats_content_t, awstats_htaccess_t, awstats_ra_content_t, awstats_rw_content_t, awstats_script_exec_t, awstats_tmp_t, bacula_admin_exec_t, bacula_tmp_t, bacula_unconfined_script_exec_t, bin_t, bitlbee_tmp_t, blueman_exec_t, blueman_tmp_t, bluetooth_helper_exec_t, bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t, bluetooth_tmp_t, boinc_project_tmp_t, boinc_tmp_t, boot_t, bootloader_exec_t, bootloader_tmp_t, brctl_exec_t, bugzilla_content_t, bugzilla_htaccess_t, bugzilla_ra_content_t, bugzilla_rw_content_t, bugzilla_script_exec_t, bugzilla_tmp_t, calamaris_exec_t, calamaris_www_t, cardctl_exec_t, cardmgr_dev_t, ccs_tmp_t, cdcc_exec_t, cdcc_tmp_t, cdrecord_exec_t, cert_t, certmonger_tmp_t, certmonger_unconfined_exec_t, certwatch_exec_t, cgroup_t, checkpc_exec_t, checkpolicy_exec_t, chfn_exec_t, chkpwd_exec_t, chrome_sandbox_exec_t, chrome_sandbox_nacl_exec_t, chrome_sandbox_tmp_t, chronyc_exec_t, chronyd_tmp_t, cinder_api_tmp_t, cinder_backup_tmp_t, cinder_scheduler_tmp_t, cinder_volume_tmp_t, cloud_init_tmp_t, cluster_conf_t, cluster_tmp_t, cluster_var_lib_t, cluster_var_run_t, cobbler_etc_t, cobbler_tmp_t, cobbler_var_lib_t, cockpit_tmp_t, cockpit_tmpfs_t, collectd_content_t, collectd_htaccess_t, collectd_ra_content_t, collectd_rw_content_t, collectd_script_exec_t, collectd_script_tmp_t, colord_exec_t, colord_tmp_t, comsat_tmp_t, condor_master_tmp_t, condor_schedd_tmp_t, condor_startd_tmp_t, conman_tmp_t, conman_unconfined_script_exec_t, conmon_exec_t, consolehelper_exec_t, consolekit_exec_t, container_runtime_tmp_t, couchdb_tmp_t, courier_exec_t, cpu_online_t, cpucontrol_exec_t, cpufreqselector_exec_t, cpuspeed_exec_t, crack_exec_t, crack_tmp_t, crond_tmp_t, crontab_exec_t, crontab_tmp_t, ctdbd_tmp_t, cups_pdf_tmp_t, cupsd_config_exec_t, cupsd_lpd_tmp_t, cupsd_tmp_t, cvs_content_t, cvs_data_t, cvs_exec_t, cvs_htaccess_t, cvs_ra_content_t, cvs_rw_content_t, cvs_script_exec_t, cvs_tmp_t, cyphesis_exec_t, cyphesis_tmp_t, cyrus_tmp_t, dbadm_sudo_tmp_t, dbskkd_tmp_t, dbusd_etc_t, dbusd_exec_t, dcc_client_exec_t, dcc_client_tmp_t, dcc_dbclean_exec_t, dcc_dbclean_tmp_t, dccd_tmp_t, dccifd_tmp_t, dccm_tmp_t, ddclient_tmp_t, debuginfo_exec_t, deltacloudd_tmp_t, devicekit_disk_exec_t, devicekit_exec_t, devicekit_power_exec_t, devicekit_tmp_t, dhcpc_exec_t, dhcpc_tmp_t, dhcpd_tmp_t, dirsrv_config_t, dirsrv_share_t, dirsrv_tmp_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_content_t, dirsrvadmin_htaccess_t, dirsrvadmin_ra_content_t, dirsrvadmin_rw_content_t, dirsrvadmin_script_exec_t, dirsrvadmin_tmp_t, dirsrvadmin_unconfined_script_exec_t, disk_munin_plugin_exec_t, disk_munin_plugin_tmp_t, dkim_milter_tmp_t, dmesg_exec_t, dmidecode_exec_t, dnsmasq_tmp_t, dnssec_trigger_tmp_t, dovecot_auth_tmp_t, dovecot_deliver_tmp_t, dovecot_tmp_t, drbd_tmp_t, dspam_content_t, dspam_htaccess_t, dspam_ra_content_t, dspam_rw_content_t, dspam_script_exec_t, efivarfs_t, etc_runtime_t, etc_t, exim_exec_t, exim_tmp_t, fail2ban_client_exec_t, fail2ban_tmp_t, fail2ban_var_lib_t, fenced_tmp_t, fetchmail_exec_t, file_context_t, firewalld_exec_t, firewalld_tmp_t, firewallgui_exec_t, firewallgui_tmp_t, firstboot_exec_t, flatpak_helper_exec_t, fonts_cache_t, fonts_t, fprintd_exec_t, fprintd_tmp_t, freqset_exec_t, fsadm_exec_t, fsadm_tmp_t, fsdaemon_tmp_t, ftpd_tmp_t, ftpdctl_exec_t, ftpdctl_tmp_t, fwupd_exec_t, games_exec_t, games_tmp_t, games_tmpfs_t, gconf_tmp_t, gconfd_exec_t, gconfdefaultsm_exec_t, geoclue_exec_t, geoclue_tmp_t, getty_exec_t, getty_tmp_t, git_content_t, git_htaccess_t, git_ra_content_t, git_rw_content_t, git_script_exec_t, git_script_tmp_t, git_sys_content_t, gitd_exec_t, gitosis_exec_t, gitosis_var_lib_t, gkeyringd_exec_t, gkeyringd_tmp_t, glance_registry_tmp_t, glance_tmp_t, gnomesystemmm_exec_t, gpg_agent_exec_t, gpg_agent_tmp_t, gpg_agent_tmpfs_t, gpg_exec_t, gpg_helper_exec_t, gpg_pinentry_tmp_t, gpg_pinentry_tmpfs_t, gpm_tmp_t, gpsd_exec_t, groupadd_exec_t, gssd_tmp_t, hostname_etc_t, hostname_exec_t, hsqldb_tmp_t, httpd_cache_t, httpd_config_t, httpd_exec_t, httpd_helper_exec_t, httpd_keytab_t, httpd_lock_t, httpd_log_t, httpd_modules_t, httpd_passwd_exec_t, httpd_php_exec_t, httpd_php_tmp_t, httpd_rotatelogs_exec_t, httpd_squirrelmail_t, httpd_suexec_exec_t, httpd_suexec_tmp_t, httpd_sys_content_t, httpd_sys_htaccess_t, httpd_sys_ra_content_t, httpd_sys_rw_content_t, httpd_sys_script_exec_t, httpd_tmp_t, httpd_tmpfs_t, httpd_unconfined_script_exec_t, httpd_user_htaccess_t, httpd_user_ra_content_t, httpd_user_rw_content_t, httpd_user_script_exec_t, httpd_var_lib_t, httpd_var_run_t, hugetlbfs_t, hwclock_exec_t, hwloc_dhwd_exec_t, iceauth_exec_t, icecast_exec_t, ifconfig_exec_t, inetd_child_tmp_t, inetd_tmp_t, init_tmp_t, initrc_tmp_t, insights_client_tmp_t, install_exec_t, iotop_exec_t, ipsec_mgmt_exec_t, ipsec_tmp_t, iptables_exec_t, iptables_tmp_t, irc_exec_t, irssi_exec_t, iscsi_tmp_t, iso9660_t, jetty_cache_t, jetty_log_t, jetty_tmp_t, jetty_unit_file_t, jetty_var_lib_t, jetty_var_run_t, jockey_exec_t, journalctl_exec_t, kadmind_tmp_t, kdump_exec_t, kdumpctl_tmp_t, kdumpgui_exec_t, kdumpgui_tmp_t, keepalived_tmp_t, keepalived_unconfined_script_exec_t, keystone_cgi_content_t, keystone_cgi_htaccess_t, keystone_cgi_ra_content_t, keystone_cgi_rw_content_t, keystone_cgi_script_exec_t, keystone_tmp_t, kismet_exec_t, kismet_tmp_t, kismet_tmpfs_t, klogd_tmp_t, kmod_exec_t, kmod_tmp_t, kpatch_exec_t, krb5_conf_t, krb5_host_rcache_t, krb5_keytab_t, krb5kdc_conf_t, krb5kdc_tmp_t, ktalkd_tmp_t, l2tpd_tmp_t, ld_so_cache_t, ld_so_t, ldconfig_exec_t, ldconfig_tmp_t, lib_t, livecd_exec_t, livecd_tmp_t, load_policy_exec_t, loadkeys_exec_t, locale_t, locate_exec_t, lockdev_exec_t, login_exec_t, logrotate_mail_tmp_t, logrotate_tmp_t, logwatch_exec_t, logwatch_mail_tmp_t, logwatch_tmp_t, lpd_tmp_t, lpr_exec_t, lpr_tmp_t, lsassd_tmp_t, lsmd_plugin_exec_t, lsmd_plugin_tmp_t, lvm_exec_t, lvm_tmp_t, machineid_t, mail_munin_plugin_exec_t, mail_munin_plugin_tmp_t, mailman_archive_t, mailman_cgi_exec_t, mailman_cgi_tmp_t, mailman_data_t, mailman_mail_tmp_t, mailman_queue_tmp_t, man2html_content_t, man2html_htaccess_t, man2html_ra_content_t, man2html_rw_content_t, man2html_script_exec_t, man_cache_t, man_t, mandb_cache_t, mcelog_exec_t, mdadm_tmp_t, mediawiki_content_t, mediawiki_htaccess_t, mediawiki_ra_content_t, mediawiki_rw_content_t, mediawiki_script_exec_t, mediawiki_tmp_t, mencoder_exec_t, mirrormanager_exec_t, mirrormanager_log_t, mirrormanager_var_lib_t, mirrormanager_var_run_t, mock_build_exec_t, mock_exec_t, mock_tmp_t, modemmanager_exec_t, mojomojo_content_t, mojomojo_htaccess_t, mojomojo_ra_content_t, mojomojo_rw_content_t, mojomojo_script_exec_t, mojomojo_tmp_t, mongod_tmp_t, mount_ecryptfs_exec_t, mount_exect, mount

Steps to reproduce

1. 2. 3. refresh web page

Expected behavior

no errors in log

Installation method

No response

Operating system

No response

PHP engine version

No response

Web server

No response

Database engine version

No response

Is this bug present after an update or on a fresh install?

No response

Are you using the Nextcloud Server Encryption module?

No response

What user-backends are you using?

• [ ] Default user-backend (database)
• [ ] LDAP/ Active Directory
• [ ] SSO - SAML
• [ ] Other

Configuration report

No response

List of activated Apps

I run all of this and error still persist
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/.user.ini'
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'

restorecon -Rv '/var/www/html/nextcloud/'

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

[l00v3]

I would say that this is not really a bug, but a custom configuration issue, as you have custom data path. I did not try it, but I have a similar configuration and you should add something like this:

semanage fcontext -a -t httpd_sys_rw_content_t '/data/nextcloud(/.*)?'
restorecon -Rv '/data/nextcloud/'

[Blisk]

thank you this now solve a problem.

[l00v3]

Please close the issue if it's solved : )