Problem with SELinux on Fedora 9
I'm attempting to install a CMS on my Fedora 9 system. I thought I had installed the OS with SELinux in 'warning' mode - when I try to install the CMS, I get this error:
SELinux prevented httpd reading and writing access to http files. Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, this requires explicit labeling of all files. If a file is a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order to be executed. If it is read-only content, it needs to be labeled httpd_TYPE_content_t, it is writable content. it needs to be labeled httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the chcon command to change these contexts. Please refer to the man page "man httpd_selinux" or FAQ "TYPE" refers to one of "sys", "user" or "staff" or potentially other script types. The suggested fix is: Fix Command: setsebool -P httpd_unified=1 I can run setsebool on the command line and it doesn't seem to complain. But then re-running my CMS install brings up the same error. Question - is there an easy way to bypass this? Is there an easy way to just disable SELinux? (Secondary question - is disabling SELinux a bad thing to do??) Thanks, nbc |
Quote:
Quote:
|
SELinux/Fedora9
I did some digging and I found that SELinux is in fact enabled on my system. It can be put into 'permissive' mode where it will log actions but not deny them by editing /etc/selinux/config (this may be Fedora specific, other systems may do it differently)
Your suggestion of using chcon is one that I will look into. The machine in question is inside my firewall and I'm doing some development testing on it - so running selinux in permissive mode will probably be ok for this. But I agree that disabling it for a machine running a net-connected web server is probably not the best idea. Thanks for the help nbc |
Quote:
Quote:
|
All times are GMT -5. The time now is 05:18 PM. |