[newbie] setenforce 1 breaks ~user

Peter George peter at netresources.co.uk
Wed Mar 9 18:34:23 UTC 2005 

touch /.autorelabel
reboot

Is the way forward then. Thank you.

:-)

P
--
Peter George CIW CI
Training Manager
Net Resources Ltd
26 Palmerston Place, Edinburgh, EH12 5AL
T: 0131 477 7127  F: 0131 477 7126
http://www.netresources.co.uk



-----Original Message-----
From: fedora-selinux-list-bounces at redhat.com on behalf of Eric Paris
Sent: Wed 09/03/2005 18:34
To: Fedora SELinux support list for users &  developers.
Subject: Re: [newbie] setenforce 1 breaks ~user
 
I think I understand your problem to be that the home directories are
just left over from the old system and have absolutely no context.  If
so you should be able to run

restorecon -R -v /home

to have everything under /home labeled correctly.  I believe anything
in /home/[^/]+/public_html will get labeled with
system_u:object_r:httpd_user_content_t which should work.

If you want to relabel the whole system run
touch /.autorelabel
reboot

On Wed, 2005-03-09 at 18:18 +0000, Peter George wrote:
> I recently upgraded to FC3 +  Apache 2.0. from RH7.3 + Apache 1.3. Currently running ext3 filesystem.
> 
> /home/*/public_html/ files do not have SELinux extended attributes therefore I cannot change the security context on files. 
> 
> I cannot see www.domain/~user with # /usr/sbin/setenforce 1 it has to be /usr/sbin/setenforce 0
> 
> I know I can force file lelabelling to include extended attributes (forgotten the url with the helpful command just now) with a reboot, and then follow the '# chcon' directives at
> http://fedora.redhat.com/docs/selinux-apache-fc3/sn-user-homedir.html
> 
> i.e.
> 
> # chcon -Rt httpd_sys_content_t /home/*/public_html/
> # /usr/sbin/setenforce 1
> 
> Any web references or advice appreciated.
> 
> P
> --
> Peter George CIW CI
> Training Manager
> Net Resources Ltd
> 26 Palmerston Place, Edinburgh, EH12 5AL
> T: 0131 477 7127  F: 0131 477 7126
> http://www.netresources.co.uk
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list at redhat.com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list

More information about the fedora-selinux-list mailing list