SELinux and Big Brother
Tom Diehl
tdiehl at rogueind.com
Tue Nov 15 02:00:20 UTC 2005
On Mon, 14 Nov 2005, Stephen Walton wrote:
> I just got Big Brother working on Fedora Core 4 with SELinux enabled.
> The key steps:
>
> 1. With SELinux turned on, apache adamantly refuses to follow symbolic
> links, even if FollowSymLinks is set in httpd.conf. (Is this a bug?) The
> only workaround I've been able to find is a bind mount:
Don't know but...
>
> # mkdir /var/www/html/bb
> # mount -o bind /home/bb/bb/www /var/www/html/bb
Why don't you simply put something like the following in
/etc/httpd/conf.d/bb.conf:

#
# Big Brother is a web based network monitoring program
#
Alias /bb /home/bb/bb/www
<Directory /home/bb/bb/www/>
    order deny,allow
    deny from all
    allow from 127.0.0.1
    allow from 192.168.0
</Directory>

Season to taste of course.
That way you do not have to mess with symlinks.

> 2. Change the context:
>
> # chcon -R -h -t httpd_user_content_t /home/bb/bb/www
>
> 3. Change the two 'mv' commands in bb-display.sh to 'cp' commands so
> that the contexts get preserved when the page is regenerated.
That sounds like the piece I was missing.
Thanks.
>
> Of course in the above I'm assuming DocumentRoot in apache is set to
> /var/www/html and that your Big Brother server files are in
> /home/bb/bb. Change as appropriate for your setup.
That is a standard bb setup, so it should work for most.
Regards,
Tom Diehl tdiehl at rogueind.com Spamtrap address mtd123 at rogueind.com
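
Added example, not part of the original thread: a shell check for step 3, listing files under the Big Brother web directory whose SELinux type is no longer httpd_user_content_t after the pages are regenerated. The function names and the sample listing are constructed for illustration, and list_contexts assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit SELinux types under the Big Brother web directory.
# The expected type is the one set by the chcon step in the thread.
EXPECTED_TYPE="httpd_user_content_t"

# Read "<context> <path>" lines on stdin and print every path whose SELinux
# type (third colon-separated field of user:role:type[:level]) is not $1.
mislabeled() {
    want=$1
    while read -r ctx path; do
        [ -n "$path" ] || continue          # skip blank or malformed lines
        ctype=$(printf '%s\n' "$ctx" | cut -d: -f3)
        [ "$ctype" = "$want" ] || printf '%s\n' "$path"
    done
}

# Emit "<context> <path>" for everything below a directory.
# Assumes GNU stat, whose %C format prints the SELinux context.
list_contexts() {
    find "$1" -exec stat -c '%C %n' {} +
}

# Constructed sample listing (not captured from a real host): one page has
# ended up with a type other than the one chcon applied.
sample_listing() {
    cat <<'EOF'
user_u:object_r:httpd_user_content_t /home/bb/bb/www/index.html
user_u:object_r:httpd_user_content_t /home/bb/bb/www/help/bb-help.html
user_u:object_r:user_home_t /home/bb/bb/www/bb.html
system_u:object_r:httpd_user_content_t:s0 /home/bb/bb/www/bb2.html
EOF
}

# On a live host, run instead:
#   list_contexts /home/bb/bb/www | mislabeled "$EXPECTED_TYPE"
sample_listing | mislabeled "$EXPECTED_TYPE"
```

Any path it prints is a file Apache will be denied under the policy described above; re-running the chcon command from step 2 relabels it.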