You don't have permission to access /jj/ on this server
Chris Rouch
crouch at pobox.com
Tue Jan 4 16:49:04 UTC 2005
On Fri, 31 Dec 2004 12:39:31 -0700 (Mountain Standard Time)
"Stewart Walker" <swalker at caspercollege.edu> wrote:
>
> Well I've looked all over and the only way I can get apache to
> serve files in subdirectories below www/html/ is to de-select
> Enforcing Current: in the the Security Level Configuration SELinux
> options.
>
> [Fri Dec 31 12:22:01 2004] [error] [client 192.168.2.25]
> (13)Permission denied: access to /jj/index.php denied
>
> de-select enforcing current and it works.
>
> I don't see anything in php.ini or httpd.conf.
>
> It's affecting the /var/www/cgi-bin/qmailadmin also. qmailadmin
> complains it cant find the /var/qmail/users/access. with enforcing
> current selected.
>
> Is this the only to get this to work? I really like the added
> security.
It's not the only way.
<sourcerer's apprentice warning>
You can use audit2allow to permit actions that selinux would normally
forbid. e.g.
cd /etc/selinux/targeted/src/policy
audit2allow -i /var/log/messages -l >> domains/misc/local.te
make reload
</sourcerer's apprentice warning>
However this is by definition reducing the amount of security you have
and there may well be a better way. I needed to serve automounted
directories on my local (private) web server, and this was a quick way
to make it work. When I have time I'll look at it some more.
Regards,
Chris
More information about the users
mailing list