Selinux Tips: Difference between revisions
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
==About== | ==About== | ||
This page just has a few Selinux tips/reminders | This page just has a few Selinux tips/reminders | ||
==File Access== | |||
If selinux is blocking access to files that httpd should be able to read it may be they are missing selinux flags: | |||
'''semanage fcontext -a -t httpd_sys_content_t "[FILE OR PATH]"''' | |||
==Proxying== | ==Proxying== | ||
Revision as of 20:42, 11 January 2022
About
This page just has a few Selinux tips/reminders
File Access
If selinux is blocking access to files that httpd should be able to read it may be they are missing selinux flags:
semanage fcontext -a -t httpd_sys_content_t "[FILE OR PATH]"
Proxying
When proxying backend services with httpd, you typically need to do two things:
- Allow http to make connections: setsebool -P httpd_can_network_connect on
- Allow the ports for your backend connections: semanage port -a -t http_port_t -p tcp ####