Relabeling question
Tony Molloy
tony.molloy at ul.ie
Fri Jun 29 08:41:37 UTC 2007
On Thursday 28 June 2007 12:23, Anthony Messina wrote:
> On Thursday 28 June 2007 03:55:15 am Tony Molloy wrote:
> > Hi,
> >
> > This is on CentOS but it's a SELinux question.
> >
> > I have a filesystem which I need to make available under ftp ( vsftpd )
> > httpd ( apache ) and NFS. It contains our local mirrors.
> >
> > What should the permissions and the SELInux context be on the filesystem
> > and how can I relabel it so that it can be available under all three.
> >
> > The current permissions/SELinux context are
> >
> > drwxr-xr-x root root system_u:object_r:default_t mirrors
> >
> > and I want something like
> >
> > drwxr-xr-x root root root:object_r:public_content_t TEST
>
> you do want the public_content_t (or perhaps the public_content_rw_t if
> it's not read only).
>
This is a read only mirror site so public_content_t should be enough.
How do I do that.
> you may also need to check booleans to allow the different daemons to write
> to the pubilc_content_t areas:
>
> allow_ftpd_anon_write --> off
> allow_httpd_anon_write --> off
> allow_httpd_apcupsd_cgi_script_anon_write --> off
> allow_httpd_bugzilla_script_anon_write --> off
> allow_httpd_squid_script_anon_write --> off
> allow_httpd_sys_script_anon_write --> off
> allow_nfsd_anon_write --> on
> allow_rsync_anon_write --> off
> allow_smbd_anon_write --> on
I looked at the booleans with system-config-selinux and set those I thought I
needed.
Thanks,
Tony
More information about the fedora-selinux-list
mailing list