Why does this get denied?

Colin Walters walters at redhat.com
Mon Dec 20 16:37:30 UTC 2004


On Mon, 2004-12-20 at 16:32 +0000, Andy Smith wrote:

> Now, the only thing I have changed is, instead of having my document
> root be /var/www/html I've put it in /data/www.  I edited
> /etc/selinux/targeted/src/policy/file_contexts/program/apache.fc to
> reflect the fact that my content is in a different place and did do
> a restorecon to relabel things under /data.

Did you do a 'make -C /etc/selinux/targeted/src/policy reload' ?  Note
that restorecon works on /etc/selinux/targeted/contexts/file_contexts
which is generated from the .fc files.

Personally whenever I'm doing policy customizations like this, I
generally don't touch the .fc files.  I just use chcon to relabel things
on the filesystem only.

> What I don't understand is the reference to /.  Why is selinux
> denying httpd searching /? 

Note that the path reference is relative; it looks to me like it's
trying to read / from dm-1, which presumably is your /data partition,
which has the default label of file_t.

Try this:

chcon -R -h -t httpd_sys_content_t /data
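
An added example, not part of the original message: a short Python sketch of the reasoning above, which resolves the filesystem-relative `name=`/`path=` of an AVC denial against the mount point of its `dev=` and reports whether the target carries the default `file_t` type. The AVC line and mount table are constructed samples (device naming simplified so the first mount column matches `dev=`), and the function names are hypothetical.

```python
import posixpath
import re

# Constructed sample data, not taken from the thread.
SAMPLE_AVC = ("audit(1103560000.123:0): avc:  denied  { search } for  pid=2301 "
              "exe=/usr/sbin/httpd name=/ dev=dm-1 ino=2 "
              "scontext=root:system_r:httpd_t "
              "tcontext=system_u:object_r:file_t tclass=dir")
SAMPLE_MOUNTS = "/dev/dm-0 / ext3 rw 0 0\n/dev/dm-1 /data ext3 rw 0 0\n"


def parse_avc(line):
    """Split an 'avc: denied' record into its key=value fields plus 'perms'."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields["perms"] = m.group(1).split()
    return fields


def parse_mounts(text):
    """Map device basename (as shown in dev=) to mount point."""
    table = {}
    for row in text.splitlines():
        cols = row.split()
        if len(cols) >= 2:
            table[posixpath.basename(cols[0])] = cols[1]
    return table


def diagnose(avc_line, mounts_text):
    """Return (absolute_path, target_type, is_default_file_t) or None."""
    avc = parse_avc(avc_line)
    if avc is None:
        return None
    mount = parse_mounts(mounts_text).get(avc.get("dev"))
    rel = avc.get("path") or avc.get("name", "")
    # The recorded path is relative to the root of the filesystem on dev=,
    # so name=/ on dm-1 is the mount point itself, not the system root.
    # A bare component (no leading slash) cannot be placed in the tree.
    if mount is not None and rel.startswith("/"):
        abs_path = posixpath.normpath(posixpath.join(mount, rel.lstrip("/")))
    else:
        abs_path = None
    ttype = avc["tcontext"].split(":")[2]  # user:role:type[:level]
    return abs_path, ttype, ttype == "file_t"


if __name__ == "__main__":
    print(diagnose(SAMPLE_AVC, SAMPLE_MOUNTS))
```
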




