Hi Jan
I'm trying to allow apache to read a user folder as follows:
% semanage fcontext -a -t httpd_t "/home/zopeuser/data(/.*)?"
semanage doesn't update the labels of existing files. So you'll need to run "restorecon -R /home/zopeuser/data" before this will work.
I did what you suggested; however lots of messages like this appeared:
restorecon set context /home/zopeuser/data/certs/demoCA/certs->system_u:object_r:httpd_t:s0 failed:'Permission denied'
Then I tried: fixfiles restore
But again I got lots of errors like this:
/sbin/setfiles: unable to relabel /home/zopeuser/data/certs/demoCA to system_u:object_r:httpd_t:s0 /home/zopeuser/data/certs/demoCA/crl: Permission denied
Even this doesn't work:
% touch /.autorelabel
% reboot
But this is what I got in the message log after rebooting:
May 9 22:16:39 my_host kernel: audit(1178741787.823:58): avc: denied { relabelto } for pid=1368 comm="setfiles" name="data" dev=hda4 ino=2121605 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:httpd_t:s0 tclass=dir
May 9 22:16:39 my_host kernel: audit(1178741787.823:59): avc: denied { associate } for pid=1368 comm="setfiles" name="data" dev=hda4 ino=2121605 scontext=system_u:object_r:httpd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
May 9 22:16:39 my_host kernel: audit(1178741787.834:60): avc: denied { read } for pid=1368 comm="setfiles" name="data" dev=hda4 ino=2121605 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:httpd_t:s0 tclass=dir
May 9 22:16:39 my_host kernel: audit(1178741787.834:61): avc: denied { search } for pid=1368 comm="setfiles" name="data" dev=hda4 ino=2121605 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:httpd_t:s0 tclass=dir
Till here I don't know what to do. Unfortunately most documentation I found talks about using the "Security Level and Firewall" menu entry from Gnome, but I don't have X, nor do I want to install it.
Thanks for the reply anyway.
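
An added example, not part of the original message: a short Python parser that groups the AVC denials quoted above by source type, target type and class, and picks out the `associate` denial on the filesystem class, which names the label the filesystem refused (here httpd_t, which is a process domain type rather than a file type). The function names are this example's own.

```python
import re
from collections import defaultdict

# The four AVC records from the message log in the post, copied as posted.
LOG = """\
May 9 22:16:39 my_host kernel: audit(1178741787.823:58): avc: denied { relabelto } for pid=1368 comm="setfiles" name="data" dev=hda4 ino=2121605 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:httpd_t:s0 tclass=dir
May 9 22:16:39 my_host kernel: audit(1178741787.823:59): avc: denied { associate } for pid=1368 comm="setfiles" name="data" dev=hda4 ino=2121605 scontext=system_u:object_r:httpd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
May 9 22:16:39 my_host kernel: audit(1178741787.834:60): avc: denied { read } for pid=1368 comm="setfiles" name="data" dev=hda4 ino=2121605 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:httpd_t:s0 tclass=dir
May 9 22:16:39 my_host kernel: audit(1178741787.834:61): avc: denied { search } for pid=1368 comm="setfiles" name="data" dev=hda4 ino=2121605 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:httpd_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def parse_denials(text):
    """Yield one dict per AVC denial found in text."""
    for m in AVC_RE.finditer(text):
        yield {
            "perms": m["perms"].split(),
            "source": selinux_type(m["scon"]),
            "target": selinux_type(m["tcon"]),
            "tclass": m["tclass"],
        }

def summarize(text):
    """Group denied permissions by (source type, target type, class)."""
    groups = defaultdict(set)
    for d in parse_denials(text):
        groups[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return {k: sorted(v) for k, v in groups.items()}

def rejected_file_labels(text):
    """Types the kernel refused to associate with a filesystem."""
    # In an 'associate' denial with tclass=filesystem, the source context is
    # the label being put on the file; the target is the filesystem's label.
    return sorted({d["source"] for d in parse_denials(text)
                   if d["tclass"] == "filesystem" and "associate" in d["perms"]})

if __name__ == "__main__":
    for key, perms in summarize(LOG).items():
        print(key, perms)
    print("labels rejected by the filesystem:", rejected_file_labels(LOG))
```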