On 03/15/2010 07:10 AM, Roger wrote:
> well I've found the selinux list to be a much better place to get help
>
>> with selinux stuff than this list but I would expect that if you had put
>> drupal stuff into /var/www and made a soft link in /home to that
>> directory you would have not had any issues with selinux at all. If you
>> try to move the files now, I would suspect that they would have to be
>> relabeled since they probably have home contexts and not html contexts
>> (man restorecon) and that would have to be fixed. I think you can also
>> set a boolean operator to tell it that you are serving html pages from
>> users' home directories but I'm not sure from your description that you
>> actually have drupal in a user's folder.
>>
>> Craig
>>
>
>> I have working installations of Drupal 6.16 and 7 in /var/www/html and
>> seLinux objects
>>
> latest is:
> SELinux has denied httpd access to potentially mislabeled file(s)
> (Eckankar.png). This means that SELinux will not allow httpd to use
> these files. It is common for users to edit files in their home
> directory or tmp directories and then move (mv) them to system
> directories. The problem is that the files end up with the wrong file
> context which confined applications are not allowed to access.
>
> but Drupal uses that image file so I don't take any notice.
>
> others are like:
> SELinux has denied the sendmail access to potentially mislabeled files
> /var/spool/clientmqueue. This means that SELinux will not allow httpd to
> use these files. Many third party apps install html files in directories
> that SELinux policy cannot predict. These directories have to be labeled
> with a file context which httpd can access.
>
> I installed a new copy of Drupal in /home/user/directory and set
> /etc/httpd/conf/httpd.conf to point to that directory but get denials.
>
> I have no understanding of contexts - it's another thing I have to get to
> grips with.
> Thanks
> Roger
>
SELinux is just about labeling.
In a way permissions are just labels also. Ownership and Permission Map could be thought of as a label. Processes have a label of UID and files have labels of UID + Permission Map. With SELinux, processes have a label (Security Context) and files have a label (File Context). Then SELinux enforces rules about how process Security Contexts interact with File Security Contexts.

This document explains what SELinux is trying to tell you.

http://people.fedoraproject.org/~dwalsh/SELinux/Presentations/selinux_four_things.pdf

If you sent me your AVC messages (SELinux errors) I could help you get rid of them.

ausearch -m avc -ts recent

is a command that tells the audit system to give you all of the recent SELinux messages from the audit system.
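In each AVC record the process label appears as scontext and the file label as tcontext. The following is an added example, not part of the original message, that pulls both types out of `ausearch -m avc` output and groups the denials by label pair; the sample records are constructed and the helper names are hypothetical.

```python
import re
from collections import namedtuple

# Constructed sample in the format `ausearch -m avc -ts recent` prints
# (timestamps, pids and inode numbers are made up for illustration).
SAMPLE = '''\
type=SYSCALL msg=audit(1268651400.101:88): arch=c000003e syscall=4 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1268651400.101:88): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/home/user/directory/Eckankar.png" dev=dm-0 ino=40112 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1268651400.207:89): avc:  denied  { read open } for  pid=2101 comm="httpd" name="index.php" dev=dm-0 ino=40115 scontext=unconfined_u:system_r:httpd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
'''

Denial = namedtuple('Denial', 'perms comm target process_type file_type tclass')
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(':', 3)  # the MLS level may itself contain colons
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % context)
    return parts[2]

def parse_avc(line):
    """Parse one AVC denial; return None for any other audit record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if 'scontext' not in f or 'tcontext' not in f:
        return None
    return Denial(tuple(m.group(1).split()), f.get('comm', '?'),
                  f.get('path') or f.get('name', '?'),
                  selinux_type(f['scontext']), selinux_type(f['tcontext']),
                  f.get('tclass', '?'))

def summarize(text):
    """Map (process type, file type, class) -> denied perms and targets."""
    out = {}
    for d in filter(None, map(parse_avc, text.splitlines())):
        entry = out.setdefault((d.process_type, d.file_type, d.tclass),
                               {'perms': set(), 'targets': set()})
        entry['perms'].update(d.perms)
        entry['targets'].add(d.target)
    return out

if __name__ == '__main__':
    for (proc, ftype, cls), e in summarize(SAMPLE).items():
        print('process label %s denied {%s} on %s label %s: %s' % (
            proc, ' '.join(sorted(e['perms'])), cls, ftype,
            ', '.join(sorted(e['targets']))))
```

A pair such as httpd_t against user_home_t is the "home contexts and not html contexts" case from the quoted reply, where relabeling (man restorecon) is the fix being discussed.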