[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Why does this get denied?

On Mon, 2004-12-20 at 16:32 +0000, Andy Smith wrote:

> Now, the only thing I have changed is, instead of having my document
> root be /var/www/html I've put it in /data/www.  I edited
> /etc/selinux/targeted/src/policy/file_contexts/program/apache.fc to
> reflect the fact that my content is in a different place and did do
> a restorecon to relabel things under /data.

Did you do a 'make -C /etc/selinux/targeted/src/policy reload' ?  Note
that restorecon works on /etc/selinux/targeted/contexts/file_contexts
which is generated from the .fc files.

Personally whenever I'm doing policy customizations like this, I
generally don't touch the .fc files.  I just use chcon to relabel things
on the filesystem only.

> What I don't understand is the reference to /.  Why is selinux
> denying httpd searching /? 

Note that the path reference is relative; it looks to me like it's
trying to read / from dm-1, which presumably is your /data partition,
which has the default label of file_t.

Try this:

chcon -R -h -t httpd_sys_content_t /data

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]