[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Selinux .vs. Apache
- From: "Konstantin Ryabitsev" <icon fedoraproject org>
- To: "For testers of Fedora Core development releases" <fedora-test-list redhat com>
- Subject: Re: Selinux .vs. Apache
- Date: Sat, 29 Nov 2008 19:01:40 -0500
On Sat, Nov 29, 2008 at 6:31 PM, Michal Jaegermann <michal harddata com> wrote:
> Ever heard what 'VirtualHost' is? You may have many of those on a
> single machine and you do not want to drop their corresponding files
> into one big haystack.
>
> I have no idea if this is the case with OP but there could be really
> good reasons, contrary to what you think, when configurations other
> than defaults should/could be used. These are only _defaults_ for
> crying out loud and if something is forcing defaults, or just makes
> hard enough to override those, then this something is plain broken
> by design.
Come on, now -- all you have to do is label the files correctly. E.g.
I'm pretty sure the OP's problems would be resolved by running "chcon
-R -t http_sys_content_t" on his web tree. You do *not* want apache to
read just any file on your filesystem -- it's not "broken by design"
but "made safer by design."
SELinux is not scary or that hard -- once you get used to it, you'll
appreciate the awesome layer of security that it offers.
Regards,
--
Konstantin Ryabitsev
Montréal, Québec
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]