[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fedora-selinux-list
Subject:    Re: Question
From:       Lukas Vrabec <lvrabec () redhat ! com>
Date:       2020-04-12 20:07:19
Message-ID: b456f5a0-4721-81a9-2357-964eb87aa73a () redhat ! com
[Download RAW message or body]

[Attachment #2 (multipart/signed)]

[Attachment #4 (multipart/mixed)]


On 4/12/20 9:15 PM, Jonathan Aquilina wrote:
> Hi guys i have a question regarding SEL.
> 
> I have a VM that is on centos 7 and before I had an issue with wordpress
> where it was in read only mode and i ran
> 
> chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0
> /var/www/html/wordpress
> 
>   
> 
> to put it in read write mode for me to update the site
> 
>   
> 
> I then ran
> 
>   
> 
> restorecon -rv /var/www/html to restore things to the way they are.
> 
>   
> 
> since then i have not had to run the commands again to update the site
> with any other updates
> 
>   
> 
> what exactly is happening
> 
>   
> 
> Regards,
> 
> Jonathan
> 
> 
> _______________________________________________
> selinux mailing list -- selinux@lists.fedoraproject.org
> To unsubscribe send an email to selinux-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.org
> 

Hi Jonathan,

Can you please share the reproducer ? Also, can you please share SELinux
denials you saw in past (maybe they're still in audit.log) ?

From your e-mail it's hard to decide what really happened on the system.
 Btw. Did you changed value of any httpd_* boolean?
Please attach output of:
# semanage boolean -l | grep httpd

Thanks,
Lukas.






-- 
Lukas Vrabec
SELinux Evangelist,
Senior Software Engineer, Security Technologies
Red Hat, Inc.


["signature.asc" (application/pgp-signature)]
[Attachment #8 (text/plain)]

_______________________________________________
selinux mailing list -- selinux@lists.fedoraproject.org
To unsubscribe send an email to selinux-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.org


[prev in list] [next in list] [prev in thread] [next in thread]