audit2allow – generate SELinux policy allow rules from logs of denied operations.
Running:
yum provides audit2allow
SELinux preventing Apache from writing to a file
For files you want Apache to be able to write to, the type must be set to httpd_sys_rw_content_t.
To permanently mark that directory as httpd_sys_rw_content_t, quote the path pattern so the shell does not interpret the parentheses, then relabel:
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/webapp/k/site(/.*)?"
restorecon -RF /var/www/webapp/k/site/
This will survive SELinux binary policy updates and filesystem relabeling.
Allowing apache (httpd) to run from home directory in Red Hat, CentOS and Fedora
Q: I have installed apache and chose to put my document root into a home directory. I could not get apache to start and after much research I found it was SELINUX stopping it from starting. I was told not to disable SELINUX and to configure it to work with the new directory. Do you have any idea how I can accomplish this?
A: Set the httpd_enable_homedirs boolean in SELINUX to allow such access.
So the first thing I would do is use the sealert command to pull the relevant information from the audit log.