Selinux Tips: Difference between revisions

Latest revision as of 18:55, 15 November 2024

This page just has a few Selinux tips/reminders

If selinux is blocking access to files that httpd should be able to read it may be they are missing selinux flags. You can set it with this command:

semanage fcontext -a -t httpd_sys_content_t "[FILE OR PATH]"

Or if you need to change it from a different selinux type you use this command:

chcon -R -t httpd_sys_content_t "[FILE OR PATH]"

When proxying backend services with httpd, you typically need to do two things:

Allow http to make connections: setsebool -P httpd_can_network_connect on
Allow the ports for your backend connections: semanage port -a -t http_port_t -p tcp ####

@@ Line 1: / Line 1: @@
 ==About==
 This page just has a few Selinux tips/reminders
+==File Access==
+If selinux is blocking access to files that httpd should be able to read it may be they are missing selinux flags.  You can set it with this command:
+'''semanage fcontext -a -t httpd_sys_content_t "[FILE OR PATH]"'''
+Or if you need to change it from a different selinux type you use this command:
+'''chcon -R -t httpd_sys_content_t "[FILE OR PATH]"'''
 ==Proxying==
@@ Line 6: / Line 16: @@
 When proxying backend services with httpd, you typically need to do two things:
-* Allow http to make connections: ''setsebool -P httpd_can_network_connect on''
+* Allow http to make connections: '''setsebool -P httpd_can_network_connect on'''
-* Allow the ports for your backend connections: ''semanage port -a -t http_port_t -p tcp ####''
+* Allow the ports for your backend connections: '''semanage port -a -t http_port_t -p tcp ####'''