Making SELinux allow access to certain directories [SOLVED]
Marko Vojinovic
vvmarko at panet.co.yu
Tue Oct 16 09:30:18 UTC 2007
On Monday 15 October 2007 19:24, Daniel J Walsh wrote:
> Marko Vojinovic wrote:
> > I am a newbie to SELinux, so would prefer not to create local policies
> > etc. What should I do in order to allow access for a typical service to
> > typical directory?
>
> You need to change the labeling on /www
>
> Probably something like
>
> # semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
> # restorecon -R -v /www
>
> In order to allow httpd to read content in home directories
> you need to turn on httpd_enable_homedirs
>
> setsebool -P httpd_enable_homedirs 1
Thanks! This works great! :-)
I was amazed to see the wealth of switches listed by getsebool -a once I found
out about it. Also when I discovered that your answer was actually in
examples section of man semanage :-) ...
I am going to like SELinux once I get familiar with the ways to configure it.
Btw, what is the actual difference between targeted and strict policies? Why
are there two of them? I mean, if someone uses SELinux to make the system
more secure, why is there a distinction between "more secure" and "half more
secure"?
Thanks for the help! :-)
Best regards, :-)
Marko
Marko Vojinovic
Institute of Physics
University of Belgrade
======================
e-mail: vmarko at phy.bg.ac.yu
More information about the fedora-list
mailing list