#2788 Wrong default SELinux context on new files
Closed: Fixed None Opened 12 years ago by hien.

Hello!
My fedorapeople.org web page cannot be accessed; it gives me a 403 error! Any uploaded files cannot be accessed through HTTP!
Please check, my web page is http://hien.fedorapeople.org/
Thanks in advance!


Wrong SELinux context by default! Fixed!

Default:
{{{
hien@hien-laptop ~$ ssh hien@fedorapeople.org "ls -Z public_html/ "
drwxrwxr-x. hien hien system_u:object_r:var_t:s0 images
-rw-rw-r--. hien hien system_u:object_r:var_t:s0 index.html
}}}

I fixed it with "restorecon -Rv public_html/"

So, in order to make a bit of sense for the infra guys who weren't on IRC today, the problem is that hien's files had this SELinux context:
{{{
-rw-rw-r--. hien hien system_u:object_r:var_t:s0 index.html
}}}

On my FedoraPeople, I have:
{{{
-rw-rw-r--. bochecha bochecha unconfined_u:object_r:httpd_user_content_t:s0 index.html
}}}

So I told hien to run the following command, which "fixed" his issue:
{{{
restorecon -Rv public_html
}}}

He doesn't get the 403 error anymore.

However, it still seems weird that his files don't have the appropriate SELinux context by default, as he says he only copied them via scp, and created one directly on the server with vim.

I never did anything special to mine, and they end up created with the correct context, so something might be wrong with his user/account/home/...

Note: I am not part of the infra team, just a random guy who happened to be there in #fedora-admin. :)

Thanks for debugging and figuring this out :-)

Unfortunately, I can't reproduce this issue myself - I tried scping a new public_html directory to my account without any special options, and the contexts ended up correct.

hien: Are you still able to reproduce this problem if you try removing your public_html and re-uploading your files? If so, can you give us the exact commands that you are using to upload them?

Yes, I can reproduce this problem! See details:
{{{
[hien@people02 ~]$ ls -Z
drwxrwxr-x. hien hien unconfined_u:object_r:httpd_user_content_t:s0 public_html
[hien@people02 ~]$ mv public_html/ public_html_bk/
[hien@people02 ~]$ mkdir public_html/
[hien@people02 ~]$ ls -Z
drwxrwxr-x. hien hien system_u:object_r:var_t:s0 public_html
drwxrwxr-x. hien hien unconfined_u:object_r:httpd_user_content_t:s0 public_html_bk
[hien@people02 ~]$ touch public_html/index.html
[hien@people02 ~]$ ls -Z public_html/
-rw-rw-r--. hien hien system_u:object_r:var_t:s0 index.html
[hien@people02 ~]$ curl -I http://hien.fedorapeople.org/
HTTP/1.1 403 Forbidden
Date: Tue, 24 May 2011 16:44:44 GMT
Server: Apache/2.2.15
Connection: close
Content-Type: text/html; charset=iso-8859-1

[hien@people02 ~]$ restorecon -Rv public_html/
restorecon reset /home/fedora/hien/public_html context system_u:object_r:var_t:s0->unconfined_u:object_r:httpd_user_content_t:s0
restorecon reset /home/fedora/hien/public_html/index.html context system_u:object_r:var_t:s0->unconfined_u:object_r:httpd_user_content_t:s0
[hien@people02 ~]$ curl -I http://hien.fedorapeople.org/
HTTP/1.1 200 OK
Date: Tue, 24 May 2011 16:45:25 GMT
Server: Apache/2.2.15
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html; charset=UTF-8

[hien@people02 ~]$
}}}

Ah, it turns out that this issue only affected new users, which is why I could not reproduce. I've fixed the context on your home directory, as well as made some changes to ensure that new accounts won't run into this same issue.

Thanks for reporting and debugging this issue!
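
Added example (not part of the ticket and not Fedora infrastructure tooling): a shell filter that reads `ls -Z` output in the five-column layout shown in the transcripts above and lists every entry whose SELinux type is not `httpd_user_content_t`. The function name `mislabeled`, the `EXPECTED_TYPE` variable and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Assumed input layout (as in this ticket): mode user group context name
EXPECTED_TYPE="${EXPECTED_TYPE:-httpd_user_content_t}"

# Reads `ls -Z` output on stdin and prints "name<TAB>actual_type" for each
# entry whose SELinux type differs from EXPECTED_TYPE.
# Exit status: 0 if every entry matches, 1 if at least one is mislabeled.
mislabeled() {
    awk -v want="$EXPECTED_TYPE" '
        # Skip prompts, blank lines and anything whose 4th column is not a
        # user:role:type:level context.
        NF < 5 || split($4, ctx, ":") < 4 { next }
        ctx[3] != want {
            name = $0
            # Drop the first four columns so names containing spaces survive.
            sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", name)
            printf "%s\t%s\n", name, ctx[3]
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: listing lines taken from the transcript in this ticket,
# with shell prompts left in to show that non-listing lines are ignored.
sample_listing() {
    cat <<'EOF'
[hien@people02 ~]$ ls -Z
drwxrwxr-x. hien hien system_u:object_r:var_t:s0 public_html
drwxrwxr-x. hien hien unconfined_u:object_r:httpd_user_content_t:s0 public_html_bk
[hien@people02 ~]$ ls -Z public_html/
-rw-rw-r--. hien hien system_u:object_r:var_t:s0 index.html
EOF
}

# Demo on the sample; on a live host: ls -Z public_html | mislabeled
sample_listing | mislabeled || echo "mislabeled entries found; relabel with restorecon -Rv" >&2
```

`restorecon -Rnv public_html` performs a comparable check against the loaded policy without changing any labels.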
