I've an alternative sub-dir for my Dokuwiki. Hence I need to re-lable the files and directories for SeLinux in order to get Apache fully access/execution rights for php and other scripts ...
I get the following error:
Code: Select all
python: SELinux is preventing httpd from read access on the directory /raid_fs_1/dokuwiki/lib/plugins.#012#012***** Plugin catchall_labels (83.8 confidence) suggests *******************#012#012If you want to allow httpd to have read access on the plugins directory#012Then you need to change the label on /raid_fs_1/dokuwiki/lib/plugins#012Do#012# semanage fcontext -a -t FILE_TYPE '/raid_fs_1/dokuwiki/lib/plugins'#012where FILE_TYPE is one of the following: abrt_retrace_spool_t, apcupsd_cgi_content_t, apcupsd_cgi_htaccess_t, ...
zoneminder_var_lib_t.#012Then execute:#012restorecon -v '/raid_fs_1/dokuwiki/lib/plugins'#012#012#012***** Plugin catchall (17.1 confidence) suggests **************************#012#012If you believe that httpd should be allowed read access on the plugins directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'httpd' --raw | audit2allow -M my-httpd#012# semodule -i my-httpd.pp#012
I had re-labled directories (e.g. /raid_fs_1/dokuwiki/lib/plugins) as being: "system_u:object_r:httpd_sys_rw_content_t:s0"
At first the process seem to work fine. Even restorecon told me the relabelling from system_u:object_r:default_t:s0 -> system_u:object_r:httpd_sys_rw_content_t:s0 was working.
However, a "ls -Z" revealed that this was not the case. No relabelling had been done at all !
worse: checking my current SE-Config -> "semanage export >> local_config" shows:
Code: Select all
fcontext -a -f a -t httpd_sys_rw_content_t '/raid_fs_1/dokuwiki/conf(/.*)?'
fcontext -a -f a -t httpd_sys_rw_content_t '/raid_fs_1/dokuwiki/data(/.*)?'
fcontext -a -f a -t httpd_sys_script_exec_t '/raid_fs_1/dokuwiki/index.php'
fcontext -a -f a -t httpd_sys_script_exec_t '/raid_fs_1/dokuwiki/doku.php'
fcontext -a -f a -t httpd_sys_script_exec_t '/raid_fs_1/dokuwiki/feed.php'
fcontext -a -f a -t httpd_sys_rw_content_t '/raid_fs_1/wiki/dokuwiki/bin(/.*)?'
fcontext -a -f a -t httpd_sys_rw_content_t '/raid_fs_1/wiki/dokuwiki/inc(/.*)?'
fcontext -a -f a -t httpd_sys_rw_content_t '/raid_fs_1/wiki/dokuwiki/lib(/.*)?'
Needless to say that the directories are NOT labeled that way. Tehy are still: system_u:object_r:default_t:s0
Another "restorecon -R -v -F /raid_fs_1/wiki/dokuwiki/lib" doesn't do anything ... produces no output nor change anything.
Also reboot has no effect ...
Any ideas ?