Selinux .vs. Apache
Bruno Wolff III
bruno at wolff.to
Mon Dec 1 05:48:16 UTC 2008
On Sat, Nov 29, 2008 at 19:01:40 -0500,
Konstantin Ryabitsev <icon at fedoraproject.org> wrote:
>
> Come on, now -- all you have to do is label the files correctly. E.g.
> I'm pretty sure the OP's problems would be resolved by running "chcon
> -R -t http_sys_content_t" on his web tree. You do *not* want apache to
> read just any file on your filesystem -- it's not "broken by design"
> but "made safer by design."
You want to use semanage to make sure you don't get burnt later during a
relabel. And once you do that it is easier (and a good double check) to
use restorecon rather than chcon to relabel the files.
I find chcon is more useful for testing things rather than configuring things.
More information about the fedora-test-list
mailing list