Selinux Tips

From NIEF Wiki

Revision as of 18:55, 15 November 2024 by Jeff.Krug (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

About

This page just has a few Selinux tips/reminders

File Access

If selinux is blocking access to files that httpd should be able to read it may be they are missing selinux flags. You can set it with this command:

semanage fcontext -a -t httpd_sys_content_t "[FILE OR PATH]"

Or if you need to change it from a different selinux type you use this command:

chcon -R -t httpd_sys_content_t "[FILE OR PATH]"

Proxying

When proxying backend services with httpd, you typically need to do two things:

Allow http to make connections: setsebool -P httpd_can_network_connect on
Allow the ports for your backend connections: semanage port -a -t http_port_t -p tcp ####

Retrieved from "https://wiki.nief.org/index.php?title=Selinux_Tips&oldid=321"