Selinux Tips: Difference between revisions
Jump to navigation
Jump to search
(Created page with "==About== This page just has a few Selinux tips/reminders ==Proxying== When proxying backend services with httpd, you typically need to do two things: * Allow http to make...") |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
==About== | ==About== | ||
This page just has a few Selinux tips/reminders | This page just has a few Selinux tips/reminders | ||
==File Access== | |||
If selinux is blocking access to files that httpd should be able to read it may be they are missing selinux flags: | |||
'''semanage fcontext -a -t httpd_sys_content_t "[FILE OR PATH]"''' | |||
==Proxying== | ==Proxying== | ||
| Line 6: | Line 11: | ||
When proxying backend services with httpd, you typically need to do two things: | When proxying backend services with httpd, you typically need to do two things: | ||
* Allow http to make connections: ''setsebool -P httpd_can_network_connect on'' | * Allow http to make connections: '''setsebool -P httpd_can_network_connect on''' | ||
* Allow the ports for your backend connections: ''semanage port -a -t http_port_t -p tcp ####'' | * Allow the ports for your backend connections: '''semanage port -a -t http_port_t -p tcp ####''' | ||
Latest revision as of 20:42, 11 January 2022
About
This page just has a few Selinux tips/reminders
File Access
If selinux is blocking access to files that httpd should be able to read it may be they are missing selinux flags:
semanage fcontext -a -t httpd_sys_content_t "[FILE OR PATH]"
Proxying
When proxying backend services with httpd, you typically need to do two things:
- Allow http to make connections: setsebool -P httpd_can_network_connect on
- Allow the ports for your backend connections: semanage port -a -t http_port_t -p tcp ####