[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Making SELinux allow access to certain directories [SOLVED]



On Monday 15 October 2007 19:24, Daniel J Walsh wrote:
> Marko Vojinovic wrote:
> > I am a newbie to SELinux, so would prefer not to create local policies
> > etc. What should I do in order to allow access for a typical service to
> > typical directory?
>
> You need to change the labeling on /www
>
> Probably something like
>
> # semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?'
> # restorecon -R -v /www
>
> In order to allow httpd to read content in home directories
> you need to turn on httpd_enable_homedirs
>
> setsebool -P httpd_enable_homedirs 1

Thanks! This works great! :-)

I was amazed to see the wealth of switches listed by getsebool -a once I found 
out about it. Also when I discovered that your answer was actually in 
examples section of man semanage :-) ...

I am going to like SELinux once I get familiar with the ways to configure it.

Btw, what is the actual difference between targeted and strict policies? Why 
are there two of them? I mean, if someone uses SELinux to make the system 
more secure, why is there a distinction between "more secure" and "half more 
secure"?

Thanks for the help! :-)

Best regards, :-)
Marko

Marko Vojinovic
Institute of Physics
University of Belgrade
======================
e-mail: vmarko phy bg ac yu


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]