On Monday 15 October 2007 19:24, Daniel J Walsh wrote: > Marko Vojinovic wrote: > > I am a newbie to SELinux, so would prefer not to create local policies > > etc. What should I do in order to allow access for a typical service to > > typical directory? > > You need to change the labeling on /www > > Probably something like > > # semanage fcontext -a -t httpd_sys_content_t '/www(/.*)?' > # restorecon -R -v /www > > In order to allow httpd to read content in home directories > you need to turn on httpd_enable_homedirs > > setsebool -P httpd_enable_homedirs 1 Thanks! This works great! :-) I was amazed to see the wealth of switches listed by getsebool -a once I found out about it. Also when I discovered that your answer was actually in examples section of man semanage :-) ... I am going to like SELinux once I get familiar with the ways to configure it. Btw, what is the actual difference between targeted and strict policies? Why are there two of them? I mean, if someone uses SELinux to make the system more secure, why is there a distinction between "more secure" and "half more secure"? Thanks for the help! :-) Best regards, :-) Marko Marko Vojinovic Institute of Physics University of Belgrade ====================== e-mail: vmarko@xxxxxxxxxxxx
