解决django.db.utils.OperationalError: attempt to write a readonly database问题

打开浏览器访问learning_log登录页面，出现如下错误：

执行如下命令：
[root@baoguo learning_log]# ll db.sqlite3
-rwxrwxrwx. 1 zhang zhang 147456 Oct  2 16:11 db.sqlite3
[root@baoguo learning_log]# ll -d .
drwxrwxrwx. 12 zhang zhang 4096 Oct  2 16:11 .
显示文件和目录权限为777，任何用户有写入的权限。

cat /var/log/httpd/error_log
[Thu Oct 02 14:31:43.373497 2025] [wsgi:error] [pid 7466:tid 7626] [client 192.168.1.44:55482] django.db.utils.OperationalError: attempt to write a readonly database, referer: http://192.168.1.101/accounts/register/
日志文件显示写入只读数据库被拒绝

[root@baoguo accounts]# ausearch -m AVC -ts recent
<no matches>
审计信息显示找不到selinux访问拒绝记录

[root@baoguo learning_log]# man semodule
EXAMPLE
# Turn on all AVC Messages for which SELinux currently is "dontaudit"ing.
$ semodule -DB
[root@baoguo learning_log]# semodule -DB
重点：该选项打开AVC审计信息

[root@baoguo learning_log]# ausearch -m AVC -ts recent
type=AVC msg=audit(1759392419.488:4923): avc:  denied  { setattr } for  pid=8104 comm="rpm" name="rpmdb.sqlite-shm" dev="dm-0" ino=67240075 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file permissive=0
有AVC记录了

[root@baoguo learning_log]# ausearch -m AVC -ts recent | audit2why
type=AVC msg=audit(1759392468.280:4934): avc:  denied  { net_admin } for  pid=7462 comm="httpd" capability=12  scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability permissive=0
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
从AVC记录分析拒绝原因和解决方法

[root@baoguo learning_log]# grep httpd /var/log/audit/audit.log | audit2allow -M net_admin
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i net_admin.pp
生成允许访问策略

[root@baoguo learning_log]# semodule -i net_admin.pp
安装策略模块

[root@baoguo learning_log]# cat net_admin.te
module net_admin 1.0;
require {
type user_home_t;
type httpd_t;
class capability net_admin;
class dir write;
}
#============= httpd_t ==============
allow httpd_t self:capability net_admin;
allow httpd_t user_home_t:dir write;
te（type enforement）文件定义的具体规则
所以解决该问题的关键步骤是执行semodule -DB命令以打开AVC审计开关