SELinux problem (was Re: Is httpd in FC3 chrooted???)

Steve Brueckner steve at atc-nycorp.com
Tue Feb 8 14:36:47 UTC 2005 

Sounds like there may be some problems with your SELinux install, since that
chcon command should work.  SELinux is very much a moving target these days,
and to really get into it you'd need to go to the Fedora SELinux mailing
list.  

At a glance, it looks like your file system never got labeled properly.
Try:

touch /.autorelabel
reboot

It may take 5 to 10 minutes for the relabeling after reboot, so be patient.
If that doesn't work, head over to the other mailing list.

 - Steve Brueckner, ATC-NY

-----Original Message-----
From: D. D. Brierton [mailto:darren at dzr-web.com] 
Sent: Tuesday, February 08, 2005 9:20 AM
To: fedora-list at redhat.com
Subject: SELinux problem (was Re: Is httpd in FC3 chrooted???)


On Tue, 2005-02-08 at 13:33 +0000, D. D. Brierton wrote:

> Okay, it seems it's SELinux related. I'm currently reading my way 
> through
> 
> http://fedora.redhat.com/docs/selinux-apache-fc3/
> 
> but if anyone has some advice I'd be grateful. Thanks!

One problem is that it seems that most of the files in my /home partition
don't have *any* SELinux security context, only newly created files do.

Furthermore, the document above says that files in my home directory should
have type "user_home_t", whereas in fact all of the newly created files in
my home directory which do have a security context just have type "file_t".
Sigh. I'm confused. This is a bit of a baptism by fire -- all I wanted to do
was get on with my work and instead I've spent the morning learning about
SELinux.

I tried to use restorecon, but it segfaults:

$ /sbin/restorecon -R -v /home/darren
/sbin/restorecon reset context
/home/darren:->system_u:object_r:user_home_dir_t
Segmentation fault

I need to use either

chcon -R -t httpd_sys_content_t public_html

or

chcon -R -t httpd_user_content_t public_html

I think, so that Apache can access the DocumentRoots of my VirtualHosts
(they're all in ~/public_html/), but when I try either I get:

chcon: can't apply partial context to unlabeled file public_html/

which I take to mean that I also need to supply values for -u and -r, but I
don't what values I should be using.

I'd really appreciate some help!

Best, Darren

-- 
=====================================================================
D. D. Brierton            darren at dzr-web.com          www.dzr-web.com
       Trying is the first step towards failure (Homer Simpson)
=====================================================================

-- 
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

More information about the fedora-list mailing list