Removing obsolete selinux setup
Daniel J Walsh
dwalsh at redhat.com
Wed Jan 21 14:32:49 UTC 2015
On 01/18/2015 04:58 PM, Pete Stieber wrote:
> I received an answer that worked on the fedora forums.
>
> 1. Edit the file
> /etc/selinux/targeted/modules/active/file_contexts.local and
> comment/fix the wrong contexts.
>
> In my case this meant changing httpd_mediawiki_rw_content_t to
> mediawiki_rw_content_t. Then I used
>
> # semanage fcontext -a -t httpd_sys_rw_content_t '/etc/dokuwiki'
> # semanage fcontext -a -t httpd_sys_rw_content_t
> '/etc/dokuwiki/users.auth.php'
> # semanage fcontext -a -t httpd_sys_rw_content_t
> '/etc/dokuwiki/local.php'
> # restorecon -R /etc/dokuwiki
>
> to get the files setup properly.
>
> Seems like the dokuwiki selinux package should be setup to do
> something similar.
>
> Pete
A better label should have been
semanage fcontext -a -t httpd_sys_rw_content_t '/etc/dokuwiki(/.*?)'
This would allow apache processes to write to any file/directory under
/etc/dokuwiki.
I would argue this is might be a bad design of dokuwiki, applictions
should not be writing their config files.
If these are not config files, they should be in /var/lib/dokuwiki.
More information about the users
mailing list