SELinux & apache/httpd access to /home/*/www
Daniel J Walsh
dwalsh at redhat.com
Fri Sep 17 15:42:29 UTC 2004
Stephen Smalley wrote:
>On Fri, 2004-09-17 at 08:17, Cream[DONut] wrote:
>
>
>>When starting httpd, it just fails, there are no AVC messages in
>>/var/log, but for testing purposes I set DocumentRoot to the / root of
>>the server, which worked, then I tried going to /home, which didn't work,
>>I couldn't open /home/xxxxxx or /home/xxxxxx/www.
>>
>>
>
>BTW, when you see no AVC messages but think that SELinux is the culprit,
>do a 'make enableaudit load' in the policy source directory and try
>again, and then do a 'make clean load' to revert. That is noted in the
>Fedora SELinux FAQ. Certain audit messages are explicitly suppressed by
>default using dontaudit rules in the policy to avoid filling the logs
>with noise, and the 'enableaudit' removes those rules to ensure that you
>see every denial.
>
>
>
I also have it working fine with the 1-17-17 policy, targeted and strict.
DocumentRoot is /var/www/html
Attached is the difference in httpd.conf to get it to work.
ls -laZ ~dwalsh/www/
drwx--x--x dwalsh dwalsh system_u:object_r:httpd_user_content_t .
drwxr-xr-x dwalsh dwalsh system_u:object_r:user_home_dir_t ..
-rw-r--r-- dwalsh dwalsh system_u:object_r:httpd_user_content_t hunts.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: diff
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040917/fcbd3491/attachment.ksh>
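
The labeling in the listing above can be checked mechanically. This is an added example, not part of the original message or its attachment: it parses `ls -laZ` output and reports entries whose SELinux type or world permission bits differ from the working setup shown. The function names, the extra notes.txt line, and the assumption that httpd reaches the files through the "other" permission bits are constructed for illustration.

```python
import re

# Constructed sample: the listing from the message plus one deliberately
# mislabeled file (notes.txt) that is NOT in the original post.
SAMPLE_LISTING = """\
drwx--x--x dwalsh dwalsh system_u:object_r:httpd_user_content_t .
drwxr-xr-x dwalsh dwalsh system_u:object_r:user_home_dir_t ..
-rw-r--r-- dwalsh dwalsh system_u:object_r:httpd_user_content_t hunts.html
-rw-r--r-- dwalsh dwalsh system_u:object_r:user_home_t notes.txt
"""

# mode, owner, group, user:role:type[:level], name
# The optional :level part covers newer listings that include an MLS range.
LINE_RE = re.compile(
    r"^(?P<mode>[-dlbcps][-rwxsStT]{9})[.+]?\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<user>[^:\s]+):(?P<role>[^:\s]+):(?P<type>[^:\s]+)(?::\S+)?\s+"
    r"(?P<name>.+)$"
)

def parse_listing(text):
    """Turn `ls -laZ` lines into dicts; lines that do not match are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def check_web_dir(text, expected_type="httpd_user_content_t"):
    """Return (name, problem) pairs for entries that differ from the
    labeling and permissions of the working directory in the message."""
    problems = []
    for entry in parse_listing(text):
        if entry["name"] == "..":
            continue  # the parent keeps its own type (user_home_dir_t above)
        if entry["type"] != expected_type:
            problems.append((entry["name"], "type %s, expected %s"
                             % (entry["type"], expected_type)))
        mode = entry["mode"]
        # Assumption: httpd is neither owner nor group member, so it needs
        # world search (o+x) on directories and world read (o+r) on files.
        if mode[0] == "d" and mode[9] not in "xt":
            problems.append((entry["name"], "directory lacks o+x"))
        elif mode[0] == "-" and mode[7] != "r":
            problems.append((entry["name"], "file lacks o+r"))
    return problems

if __name__ == "__main__":
    for name, problem in check_web_dir(SAMPLE_LISTING):
        print("%s: %s" % (name, problem))
```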