[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-selinux-list
Subject: RE: Question
From: Jonathan Aquilina <jaquilina () eagleeyet ! net>
Date: 2020-04-13 3:46:00
Message-ID: AM6PR08MB39273E94CA4A40D42584E9BBA0DD0 () AM6PR08MB3927 ! eurprd08 ! prod ! outlook ! com
[Download RAW message or body]
Hi Lukas,
I am you could say brand new to SEL in all fairness and given how security paranoid I \
am about my systems I am glad I am starting to work with it.
I am using a very stock and out of the box policy with nothing change.
A friend of mine who works with SEL himself gave me the two commands mentioned.
Another question that stems off this should I just give the necessary rw access to \
the folders that will need to be updated?
Regards,
Jonathan
-----Original Message-----
From: Lukas Vrabec <lvrabec@redhat.com>
Sent: Sunday, 12 April 2020 22:07
To: selinux@lists.fedoraproject.org
Subject: Re: Question
On 4/12/20 9:15 PM, Jonathan Aquilina wrote:
> Hi guys i have a question regarding SEL.
>
> I have a VM that is on centos 7 and before I had an issue with
> wordpress where it was in read only mode and i ran
>
> chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0
> /var/www/html/wordpress
>
>
>
> to put it in read write mode for me to update the site
>
>
>
> I then ran
>
>
>
> restorecon -rv /var/www/html to restore things to the way they are.
>
>
>
> since then i have not had to run the commands again to update the site
> with any other updates
>
>
>
> what exactly is happening
>
>
>
> Regards,
>
> Jonathan
>
>
> _______________________________________________
> selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe
> send an email to selinux-leave@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproj
> ect.org
>
Hi Jonathan,
Can you please share the reproducer ? Also, can you please share SELinux denials you \
saw in past (maybe they're still in audit.log) ?
From your e-mail it's hard to decide what really happened on the system.
Btw. Did you changed value of any httpd_* boolean?
Please attach output of:
# semanage boolean -l | grep httpd
Thanks,
Lukas.
--
Lukas Vrabec
SELinux Evangelist,
Senior Software Engineer, Security Technologies Red Hat, Inc.
_______________________________________________
selinux mailing list -- selinux@lists.fedoraproject.org
To unsubscribe send an email to selinux-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic