Hello all, I am having an issue. I have a vm with an html file that SELINUX is blocking access to. From a webpage I can not access the page unless SELINUX is disabled. I would rather not have it disabled, is ther another option? please advise
thanks in advance!
Hey dustin.
On the html page, what is the dir the file is located.
On Thu, Feb 4, 2016 at 6:33 PM, Dustin Kempter dustink@consistentstate.com wrote:
Hello all, I am having an issue. I have a vm with an html file that SELINUX is blocking access to. From a webpage I can not access the page unless SELINUX is disabled. I would rather not have it disabled, is ther another option? please advise
thanks in advance!
users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
On Thu, Feb 04, 2016 at 04:33:25PM -0700, Dustin Kempter wrote:
Hello all, I am having an issue. I have a vm with an html file that SELINUX is blocking access to. From a webpage I can not access the page unless SELINUX is disabled. I would rather not have it disabled, is ther another option? please advise
Good choice. Where is the file located? What do you see with ls -Z?
On 02/05/16 07:33, Dustin Kempter wrote:
Hello all, I am having an issue. I have a vm with an html file that SELINUX is blocking access to. From a webpage I can not access the page unless SELINUX is disabled. I would rather not have it disabled, is ther another option? please advise
You can get the reason for the block by bringing up "sealert" which parses the AVC which is generated by a violation. It may also tell you the resolution to the issue.
Or, you can post the AVC, located in /var/log/audit/audit.log
Here is the file location as well as the output
[root@pgbadger1 pgbadger2]# pwd /var/www/html/monitoring/pgbadger2
[root@pgbadger1 pgbadger2]# ls -Z -rwxr-xr-x. apache apache unconfined_u:object_r:var_t:s0 pgbadger2.html
On 2/4/16 4:50 PM, Matthew Miller wrote:
On Thu, Feb 04, 2016 at 04:33:25PM -0700, Dustin Kempter wrote:
Hello all, I am having an issue. I have a vm with an html file that SELINUX is blocking access to. From a webpage I can not access the page unless SELINUX is disabled. I would rather not have it disabled, is ther another option? please advise
Good choice. Where is the file located? What do you see with ls -Z?
my approach is to run setroubleshooter which, when detecting an issue, provides a cli to allow just the single exception.
hth, jackc...
On Thu, Feb 4, 2016 at 3:33 PM, Dustin Kempter dustink@consistentstate.com wrote:
Hello all, I am having an issue. I have a vm with an html file that SELINUX is blocking access to. From a webpage I can not access the page unless SELINUX is disabled. I would rather not have it disabled, is ther another option? please advise
thanks in advance!
users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Hey,
First of all, please watch the SElinux video's on youtube from Sander van der Vught: Introduction https://www.youtube.com/watch?v=tXNr3gO … _Zzki2BT_ https://www.youtube.com/watch?v=tXNr3gOgrn8&list=PLC5eRS3MXpp-h3n0YlZM1Gy_Zzki2BT_K
Then read: https://www.centos.org/docs/5/html/Depl … ntrol.html https://www.centos.org/docs/5/html/Deployment_Guide-en-US/sec-sel-admincontrol.html
Followed by setting it to the right context: httpd_sys_rw_content_t (or pick another context with read,write option). Tail /var/log/audit/audit.log for debugging.
In regards, Maikel
Jack Craig wrote:
my approach is to run setroubleshooter which, when detecting an issue, provides a cli to allow just the single exception.
hth, jackc...
On Thu, Feb 4, 2016 at 3:33 PM, Dustin Kempter <dustink@consistentstate.com mailto:dustink@consistentstate.com> wrote:
Hello all, I am having an issue. I have a vm with an html file that SELINUX is blocking access to. From a webpage I can not access the page unless SELINUX is disabled. I would rather not have it disabled, is ther another option? please advise thanks in advance! -- users mailing list users@lists.fedoraproject.org <mailto:users@lists.fedoraproject.org> To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
On 5 Feb 2016 12:10 a.m., "Dustin Kempter" dustink@consistentstate.com wrote:
Here is the file location as well as the output
[root@pgbadger1 pgbadger2]# pwd /var/www/html/monitoring/pgbadger2
[root@pgbadger1 pgbadger2]# ls -Z -rwxr-xr-x. apache apache unconfined_u:object_r:var_t:s0 pgbadger2.html
From that I'm guessing you moved it to that spot from elsewhere so it
didn't get the correct context.
Use restorecon -Rv /var/www to fix it
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 02/04/2016 05:33 PM, Dustin Kempter wrote:
Hello all, I am having an issue. I have a vm with an html file that SELINUX is blocking access to. From a webpage I can not access the page unless SELINUX is disabled. I would rather not have it disabled, is ther another option? please advise
thanks in advance!
This video has a whole section of examples on SELinux and web content.
https://www.youtube.com/watch?v=MxjenQ31b70
Thomas
Thx Very Much for this guidance!
it took a while to cover it all, but hugely helpful.
i'll not be turning selinux off! 😈
On Thu, Feb 4, 2016 at 11:16 PM, Maikel van Leeuwen < maikel.van.leeuwen@sentia.com> wrote:
Hey,
First of all, please watch the SElinux video's on youtube from Sander van der Vught: Introduction https://www.youtube.com/watch?v=tXNr3gO … _Zzki2BT_ https://www.youtube.com/watch?v=tXNr3gOgrn8&list=PLC5eRS3MXpp-h3n0YlZM1Gy_Zzki2BT_K
Then read: https://www.centos.org/docs/5/html/Depl … ntrol.html https://www.centos.org/docs/5/html/Deployment_Guide-en-US/sec-sel-admincontrol.html
Followed by setting it to the right context: httpd_sys_rw_content_t (or pick another context with read,write option). Tail /var/log/audit/audit.log for debugging.
In regards, Maikel
Jack Craig wrote:
my approach is to run setroubleshooter which, when detecting an issue, provides a cli to allow just the single exception.
hth, jackc...
On Thu, Feb 4, 2016 at 3:33 PM, Dustin Kempter < dustink@consistentstate.com> wrote:
Hello all, I am having an issue. I have a vm with an html file that SELINUX is blocking access to. From a webpage I can not access the page unless SELINUX is disabled. I would rather not have it disabled, is ther another option? please advise
thanks in advance!
users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
-
bruce -
Dustin Kempter -
Ed Greshko -
Jack Craig -
James Hogarth -
Maikel van Leeuwen -
Matthew Miller -
thomas cameron