13 Mar
2009
13 Mar
'09
7:29 a.m.
On Fri, 2009-03-13 at 05:10 -0400, Braden McDaniel wrote:
I'm trying to let httpd write to a subdirectory of ~/public_html and I'm running into SELinux errors on Fedora 10. The error message directs me to "man httpd_selinux", which describes several context types. Of these, httpd_sys_content_rw_t sounds like what I want; however, chcon doesn't seem to know about it:
$ chcon -R httpd_sys_content_rw_t mydir chcon: invalid context: httpd_sys_content_rw_t
You would need to use the "-t" option to specify just the type without specifying a full security context. But you should be able to just run: restorecon -v mydir
And FWIW, the "Fix Command" offered by the SELinux error message ("setsebool -P httpd_unified=1") doesn't seem to help, either.
How do I need to massage SELinux to make this work?
--
Stephen Smalley
National Security Agency