Webserver and SELinux

Finally got a chance to set up a web server with SELinux enabled. The most important thing is to set the security context of the directory where the files are located to an httpd security context, using the ‘chcon’ command.

Here are some examples:

# chcon -v --type=httpd_sys_content_t /html
context of /html changed to user_u:object_r:httpd_sys_content_t
# chcon -v --type=httpd_sys_content_t /html/index.html
context of /html/index.html changed to user_u:object_r:httpd_sys_content_t
# ls -Z /html/index.html
-rw-r--r-- root root user_u:object_r:httpd_sys_content_t /html/index.html
# ls -Z | grep html
drwxr-xr-x root root user_u:object_r:httpd_sys_content_t html
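
A check to go with the ‘ls -Z’ verification above, added here as an example and not part of the original post: it reads ‘ls -Z’ output and lists every entry whose type is not httpd_sys_content_t, as happens when a file is moved into the directory with mv and keeps its old label. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag entries in `ls -Z` output whose SELinux type is not the
# one expected for static web content. Function names are illustrative.

EXPECTED_TYPE="httpd_sys_content_t"

# Read `ls -Z` lines on stdin; print "<type> <name>" for each mislabeled entry.
# $1 optionally overrides the expected type.
mislabeled() {
    awk -v want="${1:-$EXPECTED_TYPE}" '
    {
        pos = 0
        # The context is the first field shaped like user:role:type[:level].
        # Older ls prints mode, owner and group before it; newer ls does not.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[^:]+:[^:]+:[^:]+(:.*)?$/) { pos = i; break }
        if (pos == 0 || pos == NF) next      # no context or no name: skip
        split($pos, part, ":")
        if (part[3] == want) next
        name = $(pos + 1)                    # rejoin names containing spaces
        for (j = pos + 2; j <= NF; j++) name = name " " $j
        print part[3], name
    }'
}

# Constructed sample listing (not real system output), in both ls formats.
sample_listing() {
    cat <<'EOF'
-rw-r--r-- root root user_u:object_r:httpd_sys_content_t /html/index.html
-rw-r--r-- root root user_u:object_r:user_home_t /html/upload.html
unconfined_u:object_r:httpd_sys_content_t:s0 /html/about.html
unconfined_u:object_r:admin_home_t:s0 /html/my report.html
EOF
}

sample_listing | mislabeled
# On a live system: ls -Z /html | mislabeled
```

Labels set with chcon do not survive a filesystem relabel; recording the rule with `semanage fcontext -a -t httpd_sys_content_t "/html(/.*)?"` and applying it with `restorecon -Rv /html` makes it persistent.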

By default, SELinux also denies the httpd process permission to send email. You can override this with the ‘setsebool’ command; the -P flag makes the change persist across reboots. Here is an example using getsebool and setsebool.

# getsebool -a | grep httpd_can_sendmail
httpd_can_sendmail --> off
# setsebool -P httpd_can_sendmail on
# getsebool -a | grep httpd_can_sendmail
httpd_can_sendmail --> on

That’s it.

Thank you
Budiwijaya

 
