• On Fedora Core 12, SELinux, Apache and formVista
    03/10/2010 6:10PM

    I tend to create my own directory hierarchies when I set up new websites.

    I recently switched to the Fedora Core 12 desktop Linux distribution for my development environment. When attempting to install formVista using the setup program I wrote, I kept running into weird permission denied errors.

    It turned out to be an SELinux policy violation. I had not set the required SELinux "type" on my custom "html" directory.

    Instead of just disabling SELinux, I did some searching around and determined I needed to add the "httpd_sys_content_t" type to my directory.

    chcon -Rt httpd_sys_content_t html

    which basically says to apply the "httpd_sys_content_t" type to everything in the html directory, recursively.

    There's a nice SELinux administration tool available for Fedora Core 12 which lists all the various settings available, and it was instrumental in helping me find the correct setting. It's called system-config-selinux and is part of the policycoreutils-gui package.

    2011-01-11 Update for Fedora Core 14

    It looks like some things have changed in Fedora Core 14. Suddenly I couldn't write to anything under my html directory any more. According to the sealert error messages, fixing it required:

    semanage fcontext -a -t httpd_sys_rw_content_t "html(/.*)?"

    restorecon -R -v html/

    setsebool -P httpd_unified 1

    This is on a firewalled development box. I've got to find some time to delve into SELinux a bit more to make sure these settings don't have unintended side-effects.

    IMHO the SELinux solution is unnecessarily complex.
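
As a follow-up to the side-effects question above, this added example (not part of the original post) classifies the labels under a web root so the paths the web server may modify can be reviewed one by one. The sample listing, the file names and the function names are constructed for illustration; the check looks at labels only and does not model booleans such as httpd_unified.

```sh
#!/bin/sh
# Added example: classify SELinux labels under a web root.
# Input on stdin: "<context> <path>" lines, e.g. from
#   find html -exec stat -c '%C %n' {} +
# Only the two types named in the post are treated as expected.

# The type is the third field of user:role:type[:level].
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print one verdict per input line.
audit_labels() {
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        type=$(selinux_type "$ctx")
        case $type in
            httpd_sys_content_t)    echo "OK $path" ;;
            httpd_sys_rw_content_t) echo "HTTPD-WRITABLE $path" ;;
            *)                      echo "MISLABELED $path (${type:-none})" ;;
        esac
    done
}

# Paths the web server may modify; each should be a deliberate choice
# (upload or cache directories), not scripts or configuration.
httpd_writable() {
    audit_labels | sed -n 's/^HTTPD-WRITABLE //p'
}

# Constructed sample listing (not real output from the author's system).
SAMPLE='unconfined_u:object_r:httpd_sys_content_t:s0 html/index.php
unconfined_u:object_r:httpd_sys_rw_content_t:s0 html/uploads
unconfined_u:object_r:user_home_t:s0 html/setup.php
unconfined_u:object_r:httpd_sys_rw_content_t:s0 html/config.php'

printf '%s\n' "$SAMPLE" | audit_labels
```

On a real system, pipe the find command from the header comment into audit_labels or httpd_writable instead of the sample.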

