SELinux and apache

Issues related to applications and software problems
Typhome
Posts: 27
Joined: 2016/07/09 08:34:03

Re: SELinux and apache

Post by Typhome » 2018/12/13 22:58:10

Typhome wrote:
2018/12/11 10:38:43
Or is it giving those required permissions to apache for all folders/files that is labeled as "httpd_sys_content_t"?
Looks like it's this one.
But isn't that exactly same way like this one?

Code: Select all

semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html(/.*)?'
restorecon -R /var/www/html
What's the difference between "httpd_sys_content_t" (that have write permissions set by SELinux custom module) and "httpd_sys_rw_content_t"? Which one should be used and why?

I think labeling "httpd_sys_rw_content_t" to certain folders/files (like "cache", "uploads" folder) is safer... than "httpd_sys_content_t" having write permissions set by SELinux custom module which means it's all files/folders in /var/www/html
Last edited by Typhome on 2018/12/15 15:46:32, edited 2 times in total.

Typhome
Posts: 27
Joined: 2016/07/09 08:34:03

Re: SELinux and apache

Post by Typhome » 2018/12/15 15:44:56

bump

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: SELinux and apache

Post by hunter86_bg » 2018/12/15 16:04:06

Well, I wouldn't give rw_t to the whole '/var/we/html' .
Just check which subdirs need to be set as rw_t and set them that way...

Post Reply