SELinux & apache/httpd access to /home/*/www
Stephen Smalley
sds at epoch.ncsc.mil
Fri Sep 17 13:33:24 UTC 2004
On Fri, 2004-09-17 at 08:17, Cream[DONut] wrote:
> when starting httpd, it just fails, there are no AVC messages in
> /var/log, but for testing purpose I set DocumentRoot to the / root of
> the server, which worked, then i tried going to /home, which didnt work,
> I couldnt open /home/xxxxxx or /home/xxxxxx/www.
BTW, when you see no AVC messages but think that SELinux is the culprit,
do a 'make enableaudit load' in the policy source directory and try
again, and then do a 'make clean load' to revert. That is noted in the
Fedora SELinux FAQ. Certain audit messages are explicitly suppressed by
default using dontaudit rules in the policy to avoid filling the logs
with noise, and the 'enableaudit' removes those rules to ensure that you
see every denial.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list