[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Why does this get denied?

On Mon, Dec 20, 2004 at 11:37:30AM -0500, Colin Walters wrote:
> On Mon, 2004-12-20 at 16:32 +0000, Andy Smith wrote:
> > Now, the only thing I have changed is, instead of having my document
> > root be /var/www/html I've put it in /data/www.  I edited
> > /etc/selinux/targeted/src/policy/file_contexts/program/apache.fc to
> > reflect the fact that my content is in a different place and did do
> > a restorecon to relabel things under /data.
> Did you do a 'make -C /etc/selinux/targeted/src/policy reload' ?  Note
> that restorecon works on /etc/selinux/targeted/contexts/file_contexts
> which is generated from the .fc files.

I did "make load", that would have been enough, right?

> > What I don't understand is the reference to /.  Why is selinux
> > denying httpd searching /? 
> Note that the path reference is relative; it looks to me like it's
> trying to read / from dm-1, which presumably is your /data partition,
> which has the default label of file_t.
> Try this:
> chcon -R -h -t httpd_sys_content_t /data

Ah!  That makes a lot more sense now, thanks.

Attachment: pgp00016.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]