[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-selinux-list
Subject: Re: Question
From: Lukas Vrabec <lvrabec () redhat ! com>
Date: 2020-04-14 17:38:34
Message-ID: 3aff39e7-e9d8-4ceb-cffd-6c94c53e8831 () redhat ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
[Attachment #4 (multipart/mixed)]
On 4/13/20 5:46 AM, Jonathan Aquilina wrote:
> Hi Lukas,
>
> I am you could say brand new to SEL in all fairness and given how security paranoid \
> I am about my systems I am glad I am starting to work with it.
> I am using a very stock and out of the box policy with nothing change.
>
> A friend of mine who works with SEL himself gave me the two commands mentioned.
>
> Another question that stems off this should I just give the necessary rw access to \
> the folders that will need to be updated?
Hi Jonathan,
If you're new in SELinux, I would suggest you to start from beginning,
please read Red Hat Enterprise Linux 8 SELinux guide[1] or SELinux
notebook[2] which is much more technical documentation about SELinux.
[1]
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/using_selinux/index
[2] http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf
Thanks,
Lukas.
> Regards,
> Jonathan
>
>
> -----Original Message-----
> From: Lukas Vrabec <lvrabec@redhat.com>
> Sent: Sunday, 12 April 2020 22:07
> To: selinux@lists.fedoraproject.org
> Subject: Re: Question
>
> On 4/12/20 9:15 PM, Jonathan Aquilina wrote:
> > Hi guys i have a question regarding SEL.
> >
> > I have a VM that is on centos 7 and before I had an issue with
> > wordpress where it was in read only mode and i ran
> >
> > chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0
> > /var/www/html/wordpress
> >
> >
> >
> > to put it in read write mode for me to update the site
> >
> >
> >
> > I then ran
> >
> >
> >
> > restorecon -rv /var/www/html to restore things to the way they are.
> >
> >
> >
> > since then i have not had to run the commands again to update the site
> > with any other updates
> >
> >
> >
> > what exactly is happening
> >
> >
> >
> > Regards,
> >
> > Jonathan
> >
> >
> > _______________________________________________
> > selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe
> > send an email to selinux-leave@lists.fedoraproject.org
> > Fedora Code of Conduct:
> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > List Guidelines:
> > https://fedoraproject.org/wiki/Mailing_list_guidelines
> > List Archives:
> > https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproj
> > ect.org
> >
>
> Hi Jonathan,
>
> Can you please share the reproducer ? Also, can you please share SELinux denials \
> you saw in past (maybe they're still in audit.log) ?
> From your e-mail it's hard to decide what really happened on the system.
> Btw. Did you changed value of any httpd_* boolean?
> Please attach output of:
> # semanage boolean -l | grep httpd
>
> Thanks,
> Lukas.
>
>
>
>
>
>
> --
> Lukas Vrabec
> SELinux Evangelist,
> Senior Software Engineer, Security Technologies Red Hat, Inc.
>
--
Lukas Vrabec
SELinux Evangelist,
Senior Software Engineer, Security Technologies
Red Hat, Inc.
["signature.asc" (application/pgp-signature)]
[Attachment #8 (text/plain)]
_______________________________________________
selinux mailing list -- selinux@lists.fedoraproject.org
To unsubscribe send an email to selinux-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic