Difference between revisions of "SElinux notes"

Line 12: Line 12:
  
 
  chcon --reference=/root/ -R /www
 
  chcon --reference=/root/ -R /www
 +
 +
Apache rules for cpanel:
 +
 +
/etc/selinux/targeted/contexts/files/file_contexts.local:
 +
 +
<pre>
 +
/usr/local/apache/bin/ab    system_u:object_r:bin_t:s0
 +
/usr/local/apache/bin/htdbm    system_u:object_r:bin_t:s0
 +
/usr/local/apache/bin/htdigest    system_u:object_r:bin_t:s0
 +
/usr/local/apache/bin/htpasswd    system_u:object_r:bin_t:s0
 +
/usr/local/apache/bin/logresolve    system_u:object_r:bin_t:s0
 +
/usr/local/apache/bin/apachectl    system_u:object_r:httpd_initrc_exec_t:s0
 +
/usr/local/apache/bin/htcacheclean    system_u:object_r:sbin_t:s0
 +
/usr/local/apache/bin/httpd    system_u:object_r:httpd_exec_t:s0
 +
/usr/local/apache/bin/httxt2dbm    system_u:object_r:sbin_t:s0
 +
/usr/local/apache/bin/rotatelogs    system_u:object_r:httpd_rotatelogs_exec_t:s0
 +
/usr/local/apache/conf(/.*)?    system_u:object_r:httpd_config_t:s0
 +
/usr/local/apache/error/README    system_u:object_r:httpd_config_t:s0
 +
/usr/local/apache/icons/README    system_u:object_r:httpd_config_t:s0
 +
/usr/local/apache/icons(/.*)?    system_u:object_r:httpd_sys_content_t:s0
 +
/usr/local/apache/error(/.*)?    system_u:object_r:httpd_sys_content_t:s0
 +
/usr/local/apache/modules(/.*)?    system_u:object_r:httpd_modules_t:s0
 +
/usr/local/apache/logs(/.*)?    system_u:object_r:httpd_log_t:s0
 +
</pre>
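Review bot: the heading line "/etc/selinux/targeted/contexts/files/file_contexts.local:" at the top of the added block reads as an instruction to edit that file by hand, but libsemanage generates file_contexts.local and rewrites it on the next semanage change. Say that these entries are added with semanage fcontext -a, as the page's /www rule is, and add the restorecon step for /usr/local/apache, since nothing in the added lines applies the labels to files already on disk. The htcacheclean and httxt2dbm lines use sbin_t while the other helper binaries use bin_t; the reference policy keeps sbin_t only as an alias of bin_t, so bin_t throughout would be consistent.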

Revision as of 14:01, 15 October 2014

Relabel the file system:

touch /.autorelabel
reboot

Update security policy for a directory:

semanage fcontext -a -f "" -t httpd_sys_content_t '/www(/.*)?'
restorecon -RFvv /www

You can also change the context temporarily with the chcon command; the change is not stored in the policy, so a relabel or restorecon reverts it.

chcon --reference=/root/ -R /www

Apache rules for cPanel:

/etc/selinux/targeted/contexts/files/file_contexts.local:

/usr/local/apache/bin/ab    system_u:object_r:bin_t:s0
/usr/local/apache/bin/htdbm    system_u:object_r:bin_t:s0
/usr/local/apache/bin/htdigest    system_u:object_r:bin_t:s0
/usr/local/apache/bin/htpasswd    system_u:object_r:bin_t:s0
/usr/local/apache/bin/logresolve    system_u:object_r:bin_t:s0
/usr/local/apache/bin/apachectl    system_u:object_r:httpd_initrc_exec_t:s0
/usr/local/apache/bin/htcacheclean    system_u:object_r:sbin_t:s0
/usr/local/apache/bin/httpd    system_u:object_r:httpd_exec_t:s0
/usr/local/apache/bin/httxt2dbm    system_u:object_r:sbin_t:s0
/usr/local/apache/bin/rotatelogs    system_u:object_r:httpd_rotatelogs_exec_t:s0
/usr/local/apache/conf(/.*)?    system_u:object_r:httpd_config_t:s0
/usr/local/apache/error/README    system_u:object_r:httpd_config_t:s0
/usr/local/apache/icons/README    system_u:object_r:httpd_config_t:s0
/usr/local/apache/icons(/.*)?    system_u:object_r:httpd_sys_content_t:s0
/usr/local/apache/error(/.*)?    system_u:object_r:httpd_sys_content_t:s0
/usr/local/apache/modules(/.*)?    system_u:object_r:httpd_modules_t:s0
/usr/local/apache/logs(/.*)?    system_u:object_r:httpd_log_t:s0
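
The entries above can be stored the same way as the /www rule, through semanage fcontext instead of by editing the file. The script below is an added example, not part of the original notes: it converts lines in this format into semanage commands and prints them for review. The helper names fc_to_semanage and sample_entries are hypothetical, and the sample input is constructed from three of the entries above plus one deliberately malformed line.

```shell
#!/bin/sh
# Added example: print the semanage commands equivalent to
# file_contexts.local-style lines ("<path regex> <user:role:type:level>").
# fc_to_semanage and sample_entries are hypothetical names, not SELinux tools.

fc_to_semanage() {
    while read -r path ctx extra; do
        # Skip blank lines and comments.
        case "$path" in ''|'#'*) continue ;; esac
        # Only the two-field form used on this page is handled.
        if [ -n "$extra" ] || [ -z "$ctx" ]; then
            echo "skipped (expected 2 fields): $path" >&2; continue
        fi
        # A full context has at least user:role:type:level.
        case "$ctx" in
            ?*:?*:?*:?*) ;;
            *) echo "skipped (bad context '$ctx'): $path" >&2; continue ;;
        esac
        # Path must be absolute and safe to wrap in single quotes.
        case "$path" in
            *"'"*) echo "skipped (quote in path): $path" >&2; continue ;;
            /*) ;;
            *) echo "skipped (not absolute): $path" >&2; continue ;;
        esac
        # The SELinux type is the third colon-separated field.
        setype=$(printf '%s' "$ctx" | cut -d: -f3)
        # No -f option: the rule covers all file types, like the entries above.
        printf "semanage fcontext -a -t %s '%s'\n" "$setype" "$path"
    done
}

sample_entries() {
    cat <<'EOF'
# constructed sample: three entries from the list above, one malformed line
/usr/local/apache/bin/httpd    system_u:object_r:httpd_exec_t:s0
/usr/local/apache/conf(/.*)?    system_u:object_r:httpd_config_t:s0
/usr/local/apache/logs(/.*)?    system_u:object_r:httpd_log_t:s0
/usr/local/apache/htdocs(/.*)?    httpd_sys_content_t
EOF
}

# Print the commands; run them as root only after reading them.
sample_entries | fc_to_semanage
# Apply the stored rules to files already on disk (same flags as for /www).
echo "restorecon -RFvv /usr/local/apache"
```

The malformed line is reported on stderr and produces no command, so a typo in the input never becomes a rule.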