On Fri, 31 Dec 2004 12:39:31 -0700 (Mountain Standard Time) "Stewart Walker" <swalker@xxxxxxxxxxxxxxxxx> wrote: > > Well I've looked all over and the only way I can get apache to > serve files in subdirectories below www/html/ is to de-select > Enforcing Current: in the the Security Level Configuration SELinux > options. > > [Fri Dec 31 12:22:01 2004] [error] [client 192.168.2.25] > (13)Permission denied: access to /jj/index.php denied > > de-select enforcing current and it works. > > I don't see anything in php.ini or httpd.conf. > > It's affecting the /var/www/cgi-bin/qmailadmin also. qmailadmin > complains it cant find the /var/qmail/users/access. with enforcing > current selected. > > Is this the only to get this to work? I really like the added > security. It's not the only way. <sourcerer's apprentice warning> You can use audit2allow to permit actions that selinux would normally forbid. e.g. cd /etc/selinux/targeted/src/policy audit2allow -i /var/log/messages -l >> domains/misc/local.te make reload </sourcerer's apprentice warning> However this is by definition reducing the amount of security you have and there may well be a better way. I needed to serve automounted directories on my local (private) web server, and this was a quick way to make it work. When I have time I'll look at it some more. Regards, Chris
