PHP _FILES array and SELinux – forbidden file access

I have this issue with PHP and SELinux on Red Hat Enterprise Linux (RHEL) for AWS. When I use the _FILES array to get the file (jpg) from POST, the file gets the SELinux type user_tmp_t instead of httpd_sys_content_t, which is necessary when move_uploaded_file moves the file to the upload directory, which is in the standard /var/www/html/ directory. Because move_uploaded_file never changes the SELinux type on the file, the jpg file becomes forbidden to use. How do I solve this problem?

move_uploaded_file($_FILES['file']['tmp_name'], $uploaddir) is what I am using.

I’ve tried changing the php.ini sys_upload_dir and upload_tmp_dir but the problem still exists. I’ve also tried creating a new folder to store tmp files and using sudo semanage fcontext -a -t httpd_sys_content_t "/phptmp(/.*)?" but it still does not work.

semanage fcontext -a -t httpd_sys_content_t '/var/www/html(/.*)?' and restorecon -R -v /var/www/html/ do solve the problem for the existing files, but it doesn’t work in the future, because PHP is causing it to be user_tmp_t every time.

I would like to use SELinux, but this is very frustrating since I don’t really know a way to change SELinux properties in PHP.
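
The symptom described in the question, files under the web root that still carry the temporary type after the move, can be checked with a small audit script. This is an added example, not part of the original post; the function names, the `uploads` subdirectory and the sample lines are assumptions constructed for illustration, and the input format is what GNU `stat -c '%C %n'` prints.

```shell
#!/bin/sh
# Added example: list files whose SELinux type differs from the expected one.
# Input (stdin): one "<context> <path>" line per file, as printed by
#   find /var/www/html -type f -exec stat -c '%C %n' {} +
# Output: "<actual_type> <path>" for every file that does not match.
find_mislabeled() {
    expected_type=$1
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        context=${line%% *}   # text before the first space
        path=${line#* }       # remainder; may itself contain spaces
        case $context in
            *:*:*)
                # Context is user:role:type[:level]; the level may contain
                # further ':' (e.g. s0-s0:c0.c1023), so take field 3 only.
                rest=${context#*:}
                rest=${rest#*:}
                type=${rest%%:*}
                ;;
            *)
                # stat prints "?" when a file has no context at all.
                type=unlabeled
                ;;
        esac
        [ "$type" = "$expected_type" ] || printf '%s %s\n' "$type" "$path"
    done
}

# Constructed sample input (not taken from a real host).
sample_labels() {
    cat <<'EOF'
system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.php
unconfined_u:object_r:user_tmp_t:s0 /var/www/html/uploads/photo.jpg
system_u:object_r:user_tmp_t:s0-s0:c0.c1023 /var/www/html/uploads/my cat.jpg
system_u:object_r:httpd_sys_content_t:s0 /var/www/html/uploads/old.jpg
? /var/www/html/uploads/nolabel.jpg
EOF
}

# Files that kept a type other than the one the web server policy expects.
sample_labels | find_mislabeled httpd_sys_content_t
```

Every path this reports is one that `restorecon` would relabel according to the `semanage fcontext` rule quoted in the question; a clean run after an upload shows the labelling is holding for new files as well.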


Source: stackoverflow-php