Jonathan Aquilina a écrit :
Hi guys i have a question regarding SEL.
I have a VM that is on centos 7 and before I had an issue with wordpress
where it was in read only mode and i ran
chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html/wordpress
to put it in read write mode for me to update the site
I then ran
restorecon -rv /var/www/html to restore things to the way they are.
since then i have not had to run the commands again to update the site
with any other updates
what exactly is happening
Hi Jonathan,
when you run the 'chcon', you're changing the contexte of the
directory and its subdirectories
As you noticed, it works fine
But, when you run the 'restorecon', the command read what contexte to
apply for each file and directory in a policy file
If you don't update the policy file with what you want
(httpd_sys_rw_content_t on /var/www/html/wordpress and its
subdirectories), then restorecon will reset the contexte accordingly
to its policy file
See 'semanage fcontext' for editing the policy file (man semanage)
Then, restorecon will do what you want :)
Regards,
Casper
--
Clé GPG: AE157E0B29F0BEF2 at
keys.openpgp.org
« Ceux qui peuvent renoncer à la liberté essentielle pour obtenir un
peu de sécurité temporaire, ne méritent ni la liberté ni la
sécurité. »
-- Memoirs of the life and writings of Benjamin Franklin (1818)
CA Cert:
https://dl.casperlefantom.net/pub/ssl/root.der