On Fri, 2009-03-13 at 08:29 -0400, Stephen Smalley wrote:
On Fri, 2009-03-13 at 05:10 -0400, Braden McDaniel wrote:
I'm trying to let httpd write to a subdirectory of ~/public_html and I'm running into SELinux errors on Fedora 10. The error message directs me to "man httpd_selinux", which describes several context types. Of these, httpd_sys_content_rw_t sounds like what I want; however, chcon doesn't seem to know about it:
$ chcon -R httpd_sys_content_rw_t mydir chcon: invalid context: httpd_sys_content_rw_tYou would need to use the "-t" option to specify just the type without specifying a full security context.
Aha.
But you should be able to just run: restorecon -v mydir
That makes the type "httpd_user_content_t", which doesn't let httpd write to the directory. Using "chcon -t" to change the type to httpd_user_content_rw_t does the trick, though. Thanks.