From fedora-selinux-list Sun Apr 12 20:07:19 2020 From: Lukas Vrabec Date: Sun, 12 Apr 2020 20:07:19 +0000 To: fedora-selinux-list Subject: Re: Question Message-Id: X-MARC-Message: https://marc.info/?l=fedora-selinux-list&m=158672202510435 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--===============8412113896168193105==" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============8412113896168193105== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="E0lLlumL8fQgn9YxgX2I6Fv2b5DQkgQHa" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --E0lLlumL8fQgn9YxgX2I6Fv2b5DQkgQHa Content-Type: multipart/mixed; boundary="z3TI8HC2fDsbUPJD4eZXRugoo4ARi2Pwy" --z3TI8HC2fDsbUPJD4eZXRugoo4ARi2Pwy Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 4/12/20 9:15 PM, Jonathan Aquilina wrote: > Hi guys i have a question regarding SEL. >=20 > I have a VM that is on centos 7 and before I had an issue with wordpress > where it was in read only mode and i ran >=20 > chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0 > /var/www/html/wordpress >=20 > =C2=A0 >=20 > to put it in read write mode for me to update the site >=20 > =C2=A0 >=20 > I then ran >=20 > =C2=A0 >=20 > restorecon -rv /var/www/html to restore things to the way they are. >=20 > =C2=A0 >=20 > since then i have not had to run the commands again to update the site > with any other updates >=20 > =C2=A0 >=20 > what exactly is happening >=20 > =C2=A0 >=20 > Regards, >=20 > Jonathan >=20 >=20 > _______________________________________________ > selinux mailing list -- selinux@lists.fedoraproject.org > To unsubscribe send an email to selinux-leave@lists.fedoraproject.org > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code= -of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/selinux@list= s.fedoraproject.org >=20 Hi Jonathan, Can you please share the reproducer ? Also, can you please share SELinux denials you saw in past (maybe they're still in audit.log) ? From your e-mail it's hard to decide what really happened on the system. Btw. Did you changed value of any httpd_* boolean? Please attach output of: # semanage boolean -l | grep httpd Thanks, Lukas. --=20 Lukas Vrabec SELinux Evangelist, Senior Software Engineer, Security Technologies Red Hat, Inc. --z3TI8HC2fDsbUPJD4eZXRugoo4ARi2Pwy-- --E0lLlumL8fQgn9YxgX2I6Fv2b5DQkgQHa Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE3wrP3ArXoyYgAS7LRyAaxC8pzgYFAl6TdPcACgkQRyAaxC8p zgb3jQf+N/smQWKNswJ8OAMjFRcztA0Mo4curyhqaj8ill10xG9AHI2SdLC82b1A pTxf7/gDFmKH3UAacHltlgB5ZZIOUhXunscJjC6sjhxS1tdYoo+e//A0lO8uU4TL IkmoX8Bcvt3TO2qJXqOw4deVKyUEtykw/eo1L9EGCnZCLUfKpx1UCbBe8FZOTVVz hPN0EYlwOByrkQUB4r4KAa0f+DJ/bFMmEqztOcN3c64DYM42kAvtSwvm1Up9TF95 KLDatK6PFAoLh7skHeJjzDH9aSHKPV3gN6rzz82dG5oxfzJvY9O7DO9M5Ornfy47 qaR88oSImKiVkqsjKTqz4l3s6PYXUQ== =Tj4h -----END PGP SIGNATURE----- --E0lLlumL8fQgn9YxgX2I6Fv2b5DQkgQHa-- --===============8412113896168193105== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18Kc2VsaW51eCBt YWlsaW5nIGxpc3QgLS0gc2VsaW51eEBsaXN0cy5mZWRvcmFwcm9qZWN0Lm9yZwpUbyB1bnN1YnNj cmliZSBzZW5kIGFuIGVtYWlsIHRvIHNlbGludXgtbGVhdmVAbGlzdHMuZmVkb3JhcHJvamVjdC5v cmcKRmVkb3JhIENvZGUgb2YgQ29uZHVjdDogaHR0cHM6Ly9kb2NzLmZlZG9yYXByb2plY3Qub3Jn L2VuLVVTL3Byb2plY3QvY29kZS1vZi1jb25kdWN0LwpMaXN0IEd1aWRlbGluZXM6IGh0dHBzOi8v ZmVkb3JhcHJvamVjdC5vcmcvd2lraS9NYWlsaW5nX2xpc3RfZ3VpZGVsaW5lcwpMaXN0IEFyY2hp dmVzOiBodHRwczovL2xpc3RzLmZlZG9yYXByb2plY3Qub3JnL2FyY2hpdmVzL2xpc3Qvc2VsaW51 eEBsaXN0cy5mZWRvcmFwcm9qZWN0Lm9yZwo= --===============8412113896168193105==--