Re: You don't have permission to access /jj/ on this server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 31 Dec 2004 12:39:31 -0700 (Mountain Standard Time)
"Stewart Walker" <swalker@xxxxxxxxxxxxxxxxx> wrote:

> 
> Well I've looked all over and the only way I can get apache to
> serve files in subdirectories below www/html/ is to de-select
> Enforcing Current: in the the Security Level Configuration SELinux
> options.
> 
> [Fri Dec 31 12:22:01 2004] [error] [client 192.168.2.25]
> (13)Permission denied: access to /jj/index.php denied
> 
> de-select enforcing current and it works.
> 
> I don't see anything in php.ini or httpd.conf.
> 
> It's affecting the /var/www/cgi-bin/qmailadmin also. qmailadmin
> complains it cant find the /var/qmail/users/access. with enforcing
> current selected.
> 
> Is this the only to get this to work? I really like the added
> security.

It's not the only way.

<sourcerer's apprentice warning>

You can use audit2allow to permit actions that selinux would normally
forbid. e.g.

cd /etc/selinux/targeted/src/policy
audit2allow -i /var/log/messages -l >> domains/misc/local.te
make reload

</sourcerer's apprentice warning>

However this is by definition reducing the amount of security you have
and there may well be a better way. I needed to serve automounted
directories on my local (private) web server, and this was a quick way
to make it work. When I have time I'll look at it some more.

Regards,

Chris


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux