Selinux Tips: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
==About== | ==About== | ||
This page just has a few Selinux tips/reminders | This page just has a few Selinux tips/reminders | ||
==File Access== | |||
If selinux is blocking access to files that httpd should be able to read it may be they are missing selinux flags. You can set it with this command: | |||
'''semanage fcontext -a -t httpd_sys_content_t "[FILE OR PATH]"''' | |||
Or if you need to change it from a different selinux type you use this command: | |||
'''chcon -R -t httpd_sys_content_t "[FILE OR PATH]"''' | |||
==Proxying== | ==Proxying== | ||
Latest revision as of 18:55, 15 November 2024
About
This page just has a few Selinux tips/reminders
File Access
If selinux is blocking access to files that httpd should be able to read it may be they are missing selinux flags. You can set it with this command:
semanage fcontext -a -t httpd_sys_content_t "[FILE OR PATH]"
Or if you need to change it from a different selinux type you use this command:
chcon -R -t httpd_sys_content_t "[FILE OR PATH]"
Proxying
When proxying backend services with httpd, you typically need to do two things:
- Allow http to make connections: setsebool -P httpd_can_network_connect on
- Allow the ports for your backend connections: semanage port -a -t http_port_t -p tcp ####