How do I tell if SELinux is working?

Colin Walters walters at
Thu Jun 23 02:25:07 UTC 2005

On Wed, 2005-06-22 at 22:14 -0400, Jon August wrote:
> Would compiling my own version of apache and installing it myself  
> rather than using yum, for example, to install it result in a  
> unconfined httpd?

Probably, yes.  The way the Fedora Apache SELinux setup works is
by /usr/sbin/httpd having the type httpd_exec_t (see 
ls -Z /usr/sbin/httpd).

If you installed an Apache binary in /usr/local/bin/httpd for example,
it might work to do:
chcon -t httpd_exec_t /usr/local/bin/httpd

However you may need to change the types of other files as well (e.g. if
you use /usr/local/etc/httpd, you should probably:
chcon -R -h -t httpd_config_t /usr/local/etc/httpd

An easier (or least more well-tested) route would be to recompile the
Fedora SRPM.  Even easier and more well-tested would be to find a way to
do what you want without compiling your own version of Apache httpd.
Why did you do that, anyways?

More information about the fedora-selinux-list mailing list