On Sun, 23 Sep 2007 02:26:47 -0500, Arthur Pemberton wrote: > On 9/23/07, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote: >> That PNG is user user, object role, HTTP system content type? WTF! >> What the hell is an object role, and how is a PNG file a system >> anything? > > 1) check man selinux God give me strength. Type "man:selinux" into Konqueror (in order to get it into a format which is even legible; man anything on a terminal either shatters, or has to be in a font so small that not even a magnifying glass helps -- typical ...) You get a choice of plain "man selinux" or fifteen (count 'em -- fifteen) other man pages. None of them contains "httpd," -- in case I know a fraction of what Tim does, and can guess I want that. So I go ahead and try to actually slog through the plain command's page. The first thing I see is a link to the selinux page at NSA. I click on it -- hoping to tell at a glance whether to read it first, or leave it for if&when. I get no pointer to anything, but the fanciest "not found" message in known space. Being a hardened sinner, I waste three minutes studying that, and notice that the link ends a sentence. Sure enough. clicking is picking up the period -- and the NSA page (the ultimate electronic bureaucrat?) doesn't think to try ignoring the period. So I c&p the link into another tab, delete the period manually, and it links. GoddlemityDAM! Turns out selinux is a whole nuther branch of computer science. (Makes sense, actually : NoSuchAgency if anybody oughtta have such a thing. I'm not NSA.) So I leave that tab, take a deep breath, and resume trying to read the man page for plain selinux. It proves amazingly well written for gummint work. (There is a typo : for 'context' singular in the section on File Labeling read 'contexts' plural.) Please pass my extreme praise to Mr. Walsh; afaik, only the Copyright Office in all of gdgummint writes as well. It also says in so many words : "The best way to relabel the file system is to create the flag file /.autorelabel and *reboot*" [My emphasis; no wonder that instruction is in the error messages in the trouble shooter.] > 2) get pointed to man httpd_selinux Well, you can call it that; the question is which is to be master, as Lewis Carroll says so well. What I see (at the very bottom) is a completely uncommented list of fifteen links, one of which is "httpd_selinux(8)" (That means they're not the same fifteen that Konqueror found, btw: I triple-checked, and it does not offer me anything containing "httpd" among its fifteen. Konqueror won't let me c&p its fifteen.) I suppose someone whose focussed attention was on apache would indeed jump on that first. Since I don't run any server I can help, nor even have a web page, I'll leave it there. > 3) get information > > httpd_sys_content_t > - Set files with httpd_sys_content_t for content which is > available from all httpd scripts and the daemon -- Beartooth Staffwright, PhD, Neo-Redneck Linux Convert Remember I know precious little of what I am talking about.
