This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0618411486339470744== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="XTePCauJ6SSeRSSFkidFFTL0sYGSXK4zf" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --XTePCauJ6SSeRSSFkidFFTL0sYGSXK4zf Content-Type: multipart/mixed; boundary="oyaRnjDm0iqeN0Kd4m0hcQ9J6dfXp9RK4" --oyaRnjDm0iqeN0Kd4m0hcQ9J6dfXp9RK4 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 4/13/20 5:46 AM, Jonathan Aquilina wrote: > Hi Lukas, >=20 > I am you could say brand new to SEL in all fairness and given how securit= y paranoid I am about my systems I am glad I am starting to work with it. >=20 > I am using a very stock and out of the box policy with nothing change. >=20 > A friend of mine who works with SEL himself gave me the two commands ment= ioned. >=20 > Another question that stems off this should I just give the necessary rw = access to the folders that will need to be updated? >=20 Hi Jonathan, If you're new in SELinux, I would suggest you to start from beginning, please read Red Hat Enterprise Linux 8 SELinux guide[1] or SELinux notebook[2] which is much more technical documentation about SELinux. [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/ht= ml-single/using_selinux/index [2] http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf Thanks, Lukas. > Regards, > Jonathan >=20 >=20 > -----Original Message----- > From: Lukas Vrabec =20 > Sent: Sunday, 12 April 2020 22:07 > To: selinux@lists.fedoraproject.org > Subject: Re: Question >=20 > On 4/12/20 9:15 PM, Jonathan Aquilina wrote: >> Hi guys i have a question regarding SEL. >> >> I have a VM that is on centos 7 and before I had an issue with=20 >> wordpress where it was in read only mode and i ran >> >> chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0 >> /var/www/html/wordpress >> >> =C2=A0 >> >> to put it in read write mode for me to update the site >> >> =C2=A0 >> >> I then ran >> >> =C2=A0 >> >> restorecon -rv /var/www/html to restore things to the way they are. >> >> =C2=A0 >> >> since then i have not had to run the commands again to update the site= =20 >> with any other updates >> >> =C2=A0 >> >> what exactly is happening >> >> =C2=A0 >> >> Regards, >> >> Jonathan >> >> >> _______________________________________________ >> selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe= =20 >> send an email to selinux-leave@lists.fedoraproject.org >> Fedora Code of Conduct:=20 >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines:=20 >> https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives:=20 >> https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproj >> ect.org >> >=20 > Hi Jonathan, >=20 > Can you please share the reproducer ? Also, can you please share SELinux = denials you saw in past (maybe they're still in audit.log) ? >=20 > From your e-mail it's hard to decide what really happened on the system. > Btw. Did you changed value of any httpd_* boolean? > Please attach output of: > # semanage boolean -l | grep httpd >=20 > Thanks, > Lukas. >=20 >=20 >=20 >=20 >=20 >=20 > -- > Lukas Vrabec > SELinux Evangelist, > Senior Software Engineer, Security Technologies Red Hat, Inc. >=20 --=20 Lukas Vrabec SELinux Evangelist, Senior Software Engineer, Security Technologies Red Hat, Inc. --oyaRnjDm0iqeN0Kd4m0hcQ9J6dfXp9RK4-- --XTePCauJ6SSeRSSFkidFFTL0sYGSXK4zf Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE3wrP3ArXoyYgAS7LRyAaxC8pzgYFAl6V9RoACgkQRyAaxC8p zgbMBgf9GdCvZPKKveSU/TkN3s6BC5desJdBAthGaheFTeiyyoz9ocYS4kMWEYZx yIGrTUCFXygfFY8EWLKG96qSekObHlaPreicw0Npf8LMP9skI1CiqYClgPEM01PF FK7+cfSPAdk2Zlos18yHh7+fBl1cxy65NhgIwc/4aXKCHCt8tSVQZ6wk8ZBRXRn5 6rojpfh9LgH8a6m2XE7toO3xHLMhsR1zCRRiaU3u8FQj5+sE8xJ/STEhVm/fUVox nbyjsThDgVPZnV7a7axC1Bi9tye3qUmyzwiqTl/g31T//LD1+WRtIxU8m3p6+/Xf IIwSZnbJK9dpfyXJtHIpdMu8rR6GQQ== =yBzw -----END PGP SIGNATURE----- --XTePCauJ6SSeRSSFkidFFTL0sYGSXK4zf-- --===============0618411486339470744== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18Kc2VsaW51eCBt YWlsaW5nIGxpc3QgLS0gc2VsaW51eEBsaXN0cy5mZWRvcmFwcm9qZWN0Lm9yZwpUbyB1bnN1YnNj cmliZSBzZW5kIGFuIGVtYWlsIHRvIHNlbGludXgtbGVhdmVAbGlzdHMuZmVkb3JhcHJvamVjdC5v cmcKRmVkb3JhIENvZGUgb2YgQ29uZHVjdDogaHR0cHM6Ly9kb2NzLmZlZG9yYXByb2plY3Qub3Jn L2VuLVVTL3Byb2plY3QvY29kZS1vZi1jb25kdWN0LwpMaXN0IEd1aWRlbGluZXM6IGh0dHBzOi8v ZmVkb3JhcHJvamVjdC5vcmcvd2lraS9NYWlsaW5nX2xpc3RfZ3VpZGVsaW5lcwpMaXN0IEFyY2hp dmVzOiBodHRwczovL2xpc3RzLmZlZG9yYXByb2plY3Qub3JnL2FyY2hpdmVzL2xpc3Qvc2VsaW51 eEBsaXN0cy5mZWRvcmFwcm9qZWN0Lm9yZwo= --===============0618411486339470744==--