Thank you so much for your advice.In the current configuration, SELinux allow write to
whom?Can you tell me in your opinion which directories of WordPress must have
"httpd_sys_rw_content_t" label and which one "httpd_sys_r_content_t"
On Sun, Sep 20, 2020 at 3:01 AM, mailist<mailist(a)kaminot.xyz> wrote: Hi Jason,
1. Well just turning on your computer can lead to it beeing hacked...
Just remember SELinux is a part of the kernel with some policies
defined. You are the one making the rules but by default everything is
denied. (fyi would recommend you going through this
it is really well explained).
well httpd_sys_r_content_r allow only read only access weither
httpd_sys_rw_content_t allows also write. What is dangerous is the write
one beeing defined everywhere (like in any systems). You can mix both,
on the files that wordpress should write:httpd_sys_rw_content_t and the
2. this command is setting a boolean to on that allows any programs
under the httpd context to communicate over the internet (yes SELinux
So as a resume, nothing is either white or black but rather a mix of the 2.
And btw if you are really preoccupied about security as a whole just
throw away wordpress (or run it as a static website (for example with gaby).
On 9/19/20 11:56 PM, Jason Long wrote:
I'm using CentOS 8 as a web server that hosting a WordPress website. I
have two questions.
1- I defined SELinux for WordPress directory as below:
# ls -lZ /var/www/
drwxrwxr-x. 7 apache apache
unconfined_u:object_r:httpd_sys_rw_content_t:s0 4096 Sep 19 23:37 wp
I created an account for a remote developer that working on WordPress.
On some websites, I saw that the OK permission for
wp directory is "httpd_sys_r_content_t" and not
and someone recommended to back permission via below command:
# restorecon -rv /var/www/wp
Is it true? Is "httpd_sys_rw_content_t" a dangerous permission and can
lead to hacking?
2- WordPress can't update and showed me "cURL Error (7): couldn't
connect to host" error. I did below command to solve it:
# setsebool -P httpd_can_network_connect on
Can this command make Apache insecure and must I turn it to "off" ?
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines