How do I tell if SELinux is working?
Colin Walters
walters at redhat.com
Thu Jun 23 02:25:07 UTC 2005
On Wed, 2005-06-22 at 22:14 -0400, Jon August wrote:
> Would compiling my own version of apache and installing it myself
> rather than using yum, for example, to install it result in a
> unconfined httpd?
Probably, yes. The way the Fedora Apache SELinux setup works is
by /usr/sbin/httpd having the type httpd_exec_t (see
ls -Z /usr/sbin/httpd).
If you installed an Apache binary in /usr/local/bin/httpd for example,
it might work to do:
chcon -t httpd_exec_t /usr/local/bin/httpd
However you may need to change the types of other files as well (e.g. if
you use /usr/local/etc/httpd, you should probably:
chcon -R -h -t httpd_config_t /usr/local/etc/httpd
An easier (or least more well-tested) route would be to recompile the
Fedora SRPM. Even easier and more well-tested would be to find a way to
do what you want without compiling your own version of Apache httpd.
Why did you do that, anyways?
More information about the fedora-selinux-list
mailing list