Why does this get denied?
Andy Smith
andy at strugglers.net
Mon Dec 20 17:02:14 UTC 2004
On Mon, Dec 20, 2004 at 11:37:30AM -0500, Colin Walters wrote:
> On Mon, 2004-12-20 at 16:32 +0000, Andy Smith wrote:
>
> > Now, the only thing I have changed is, instead of having my document
> > root be /var/www/html I've put it in /data/www. I edited
> > /etc/selinux/targeted/src/policy/file_contexts/program/apache.fc to
> > reflect the fact that my content is in a different place and did do
> > a restorecon to relabel things under /data.
>
> Did you do a 'make -C /etc/selinux/targeted/src/policy reload' ? Note
> that restorecon works on /etc/selinux/targeted/contexts/file_contexts
> which is generated from the .fc files.
I did "make load", that would have been enough, right?
> > What I don't understand is the reference to /. Why is selinux
> > denying httpd searching /?
>
> Note that the path reference is relative; it looks to me like it's
> trying to read / from dm-1, which presumably is your /data partition,
> which has the default label of file_t.
>
> Try this:
>
> chcon -R -h -t httpd_sys_content_t /data
Ah! That makes a lot more sense now, thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20041220/5e9771a1/attachment.sig>
More information about the fedora-selinux-list
mailing list