[newbie] setenforce 1 breaks ~user
Eric Paris
eparis at redhat.com
Wed Mar 9 18:34:19 UTC 2005
I think I understand your problem to be that the home directories are
just left over from the old system and have absolutely no context. If
so you should be able to run
restorecon -R -v /home
to have everything under /home labeled correctly. I believe anything
in /home/[^/]+/public_html will get labeled with
system_u:object_r:httpd_user_content_t which should work.
If you want to relabel the whole system run
touch /.autorelabel
reboot
On Wed, 2005-03-09 at 18:18 +0000, Peter George wrote:
> I recently upgraded to FC3 + Apache 2.0. from RH7.3 + Apache 1.3. Currently running ext3 filesystem.
>
> /home/*/public_html/ files do not have SELinux extended attributes therefore I cannot change the security context on files.
>
> I cannot see www.domain/~user with # /usr/sbin/setenforce 1 it has to be /usr/sbin/setenforce 0
>
> I know I can force file lelabelling to include extended attributes (forgotten the url with the helpful command just now) with a reboot, and then follow the '# chcon' directives at
> http://fedora.redhat.com/docs/selinux-apache-fc3/sn-user-homedir.html
>
> i.e.
>
> # chcon -Rt httpd_sys_content_t /home/*/public_html/
> # /usr/sbin/setenforce 1
>
> Any web references or advice appreciated.
>
> P
> --
> Peter George CIW CI
> Training Manager
> Net Resources Ltd
> 26 Palmerston Place, Edinburgh, EH12 5AL
> T: 0131 477 7127 F: 0131 477 7126
> http://www.netresources.co.uk
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list