SELinux notes
Some notes on SELinux:
To see the context of a file, type:
ls -lZ
The contexts are listed like this: user:role:type
If there is a problem with an SELinux context, it's usually the type. For http you want the types to match what's in the /etc/httpd/ directory. There are generally three types for http: content, logs and conf. Here is how I got the wiki to work:
chcon -t httpd_config_t /domains/wiki.ucsf.bkslab.org/wiki.ucsf.bkslab.org.conf
chcon -R -t httpd_log_t /domains/wiki.ucsf.bkslab.org/logs
chcon -R -t httpd_user_content_t /domains/wiki.ucsf.bkslab.org/htdocs
chcon -R -t httpd_sys_script_rw_t /domains/wiki.ucsf.bkslab.org/htdocs/images
chcon -R -t httpd_sys_script_exec_t /domains/wiki.ucsf.bkslab.org/htdocs/extensions
chcon -R -t httpd_user_script_exec_t /usr/share/pear
chcon -R -t httpd_user_script_exec_t /usr/share/php
chcon -R -t httpd_user_script_exec_t /usr/share/mysql   # (?)
setsebool -P httpd_can_sendmail 1
Debugging:
sestatus
getsebool -a | grep httpd
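Since the type is usually what is wrong, a quick check is to compare the type field of each path against the layout used for the wiki above. The script below is an added example, not part of the original notes. The function names are hypothetical, the sample listing is constructed, and the input is assumed to be "context path" lines such as `stat -c '%C %n' PATH...` prints.

```shell
#!/bin/sh
# Expected SELinux type for each part of the vhost layout used in these notes.
# (expected_type, audit_contexts and sample_listing are hypothetical names.)
expected_type() {
    case "$1" in
        */htdocs/images|*/htdocs/images/*)         echo httpd_sys_script_rw_t ;;
        */htdocs/extensions|*/htdocs/extensions/*) echo httpd_sys_script_exec_t ;;
        */htdocs|*/htdocs/*)                       echo httpd_user_content_t ;;
        */logs|*/logs/*)                           echo httpd_log_t ;;
        *.conf)                                    echo httpd_config_t ;;
        *)                                         : ;;  # no expectation for this path
    esac
}

# Read "context path" lines on stdin and print one MISMATCH line for every
# path whose type differs from the expected one.
audit_contexts() {
    while read -r ctx path; do
        [ -n "$path" ] || continue
        want=$(expected_type "$path")
        [ -n "$want" ] || continue
        # A context is user:role:type[:level]; the type is the third field.
        have=$(printf '%s\n' "$ctx" | cut -d: -f3)
        [ "$have" = "$want" ] ||
            printf 'MISMATCH %s have=%s want=%s\n' "$path" "$have" "$want"
    done
}

# Constructed sample input: logs and htdocs/images carry the wrong type.
sample_listing() {
    cat <<'EOF'
unconfined_u:object_r:httpd_config_t:s0 /domains/wiki.ucsf.bkslab.org/wiki.ucsf.bkslab.org.conf
unconfined_u:object_r:default_t:s0 /domains/wiki.ucsf.bkslab.org/logs
unconfined_u:object_r:httpd_user_content_t:s0 /domains/wiki.ucsf.bkslab.org/htdocs
unconfined_u:object_r:httpd_user_content_t:s0 /domains/wiki.ucsf.bkslab.org/htdocs/images
unconfined_u:object_r:httpd_sys_script_exec_t:s0 /domains/wiki.ucsf.bkslab.org/htdocs/extensions
EOF
}

sample_listing | audit_contexts
```

Types set with chcon are lost when the filesystem is relabeled or restorecon is run, so a mismatch that keeps coming back needs a persistent rule (semanage fcontext followed by restorecon).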
HOW I GOT SELINUX WORKING RIGHT FOR USER WEBSITES:
chcon -R -t httpd_log_t logs
chcon -R -t httpd_user_content_t public_html
chcon -R -t httpd_config_t tdemers.ucsf.bkslab.org.conf
chcon -R -t httpd_user_script_exec_t /usr/share/pear
chcon -R -t httpd_user_script_exec_t /usr/share/php
chcon -R -t httpd_user_script_exec_t /usr/share/mysql   # (?)
setsebool -P httpd_can_sendmail 1
setsebool -P httpd_can_network_connect on
setsebool -P httpd_can_network_connect_db on
setsebool -P httpd_enable_homedirs on
2097148404 1572864000 2097152000 1269939
on alpha
cd /nfs/db4/dbraw/zinc
chcon system_u:object_r:nfs_t:s0 ??
rebuild, etc