Selinux .vs. Apache

Konstantin Ryabitsev icon at fedoraproject.org
Sun Nov 30 00:01:40 UTC 2008


On Sat, Nov 29, 2008 at 6:31 PM, Michal Jaegermann <michal at harddata.com> wrote:
> Ever heard what 'VirtualHost' is?  You may have many of those on a
> single machine and you do not want to drop their corresponding files
> into one big haystack.
>
> I have no idea if this is the case with OP but there could be really
> good reasons, contrary to what you think, when configurations other
> than defaults should/could be used.  These are only _defaults_ for
> crying out loud and if something is forcing defaults, or just makes it
> hard enough to override those, then this something is plain broken
> by design.

Come on, now -- all you have to do is label the files correctly. E.g.
I'm pretty sure the OP's problems would be resolved by running "chcon
-R -t httpd_sys_content_t" on his web tree. You do *not* want apache to
read just any file on your filesystem -- it's not "broken by design"
but "made safer by design."

SELinux is not scary or that hard -- once you get used to it, you'll
appreciate the awesome layer of security that it offers.

Regards,
-- 
Konstantin Ryabitsev
Montréal, Québec
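
The labeling point above, as an added example that is not part of the original message: a small audit that reads "<context> <path>" lines and reports files whose SELinux type is not one Apache is allowed to read. The /srv/vhosts paths, the function names and the allowed-type list are assumptions for illustration.

```shell
#!/bin/sh
# Added example: find files in a web tree that carry the wrong SELinux type.
# Input lines look like "<user:role:type:level> <path>", which is what
# GNU find prints with:  find /srv/vhosts -printf '%Z %p\n'

# Types httpd may read (assumption: adjust to your policy and content).
ALLOWED_TYPES="httpd_sys_content_t httpd_sys_script_exec_t"

# mislabeled: read "<context> <path>" on stdin, print "<path>TAB<type>"
# for every file whose type is not in ALLOWED_TYPES.
mislabeled() {
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        # The SELinux type is the third colon-separated field of the context.
        setype=$(printf '%s' "$ctx" | cut -d: -f3)
        case " $ALLOWED_TYPES " in
            *" $setype "*) ;;                         # correctly labeled
            *) printf '%s\t%s\n' "$path" "$setype" ;; # httpd will be denied
        esac
    done
}

# Constructed sample input: two virtual hosts outside the default tree.
SAMPLE='system_u:object_r:httpd_sys_content_t:s0 /srv/vhosts/a.example/index.html
unconfined_u:object_r:user_home_t:s0 /srv/vhosts/b.example/index.html
unconfined_u:object_r:default_t:s0 /srv/vhosts/b.example/img/logo one.png
system_u:object_r:httpd_sys_script_exec_t:s0 /srv/vhosts/a.example/cgi-bin/form.cgi'

audit_sample() {
    printf '%s\n' "$SAMPLE" | mislabeled
}

audit_sample

# On a live system, audit and then fix the tree persistently. chcon alone
# is undone by a full relabel; a file-context rule plus restorecon is not.
#   find /srv/vhosts -printf '%Z %p\n' | mislabeled
#   semanage fcontext -a -t httpd_sys_content_t '/srv/vhosts(/.*)?'
#   restorecon -Rv /srv/vhosts
```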



