/etc/default in Fedora

David Quigley selinux at davequigley.com
Fri Mar 16 17:49:11 UTC 2012

On 03/16/2012 04:56, Matej Cepl wrote:
> On 15.3.2012 09:38, Tomasz Torcz wrote:
>>> Why and why just us?
>> Good question, we deviate from upstream default:
>> http://wiki.apache.org/httpd/DistrosDefaultLayout
> Do we have somebody to make the stupid item 3 go away?
> # If you're having issues with authorization and your permissions are
> # correct make sure that you try testing with SELinux turned off. Run
> # 'setenforce 0' and use 'chcon' to fix permissions. Run 'ls -alZ' to
> # view the current permissions.' SELinux first appeared in Fedora 
> Core
> # 3, RHEL 4, and CentOS 4.
> httpd in Fedora/RHEL/CentOS works with SELinux just fine. Anything
> else are bugs, which need to be filed.
> Matěj

Short of educating web server administrators about SELinux and the 
correct labels for web resources I'm not sure what else can be done. You 
don't want to use restorecond to make sure the directories are labeled 
properly because you could potentially use an improperly configured file 
upload capability to drop whatever pages you want onto the server and it 
would fixup the labels. Unfortunately education is the best option but 
not the easiest.


More information about the devel mailing list