I just found out that now I need to do:
chcon -R -t httpd_sys_content_t ~rgm/public_html
Which was not required back in the earlier days.
But I have added this to my cookbook.
On 02/04/2017 11:34 PM, Robert Moskowitz wrote:
I did all of my steps to build a Fedora Server with updates and
installed httpd.
I edited the /etc/httpd/conf.d/userdir.conf to enable userdir. I kept
all of the rest of this conf file unchanged.
I added my z00-init.conf file:
ServerAdmin rgm@xxxxxxxxxxxxxxx
ServerName medon.htt-consult.com:80
# NameVirtualHost *:80
# NameVirtualHost *:443
I followed the permission instructions in the userdir.conf file,
copied some files into my public_html,
set my IP addr and all the rest, put the Cubie on my DMZ and tried to
access a file:
http://medon.htt-consult.com/~rgm/cubieboard/cubietower-2.JPG
This works. You can try this also, as the server is public.
But I cannot access just a directory:
http://medon.htt-consult.com/~rgm/cubieboard/
I get:
=====
Forbidden
You don't have permission to access /~rgm/cubieboard/ on this server.
=====
If I disable SELinux with 'setenforce 0' I get the listing of files
in this directory.
The userdir.conf default is:
<Directory "/home/*/public_html">
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
</Directory>
So this should work. /var/log/httpd/error.log reports:
[Sat Feb 04 23:24:13.289963 2017] [negotiation:error] [pid 865]
(13)Permission denied: [client 192.168.160.12:56918] AH00686: cannot
read directory for multi: /home/rgm/public_html/cubieboard/
Permissions are:
# ls -ls /home/rgm/public_html/
total 4
0 drwxrwxr-x. 2 rgm rgm 54 Feb 4 22:51 cubieboard
0 drwxrwxr-x. 2 rgm rgm 203 Feb 4 22:51 Harpsichord
0 drwxrwxr-x. 2 rgm rgm 73 Feb 4 22:51 ietf
4 -rw-rw-r--. 1 rgm rgm 12 Jan 21 2013 index.html
# ls -ls /home/rgm/public_html/cubieboard/
total 3504
1420 -rw-rw-r--. 1 rgm rgm 1450256 Aug 27 2014 cubietower-2.JPG
2084 -rw-r--r--. 1 rgm rgm 2131328 Sep 4 2014 cubietower-3.JPG
Why did I suspect SELinux you ask? Well I get all these warnings when
I do any SELinux command. What follows is everything I could gather
from the console.
So please tell me what is the problem and how to fix it. I really
want to get this simple server up and in production already...
Upgrading :
selinux-policy-targeted-3.13.1-225.6.fc25.noarch 310/844
[ 8981.136506] SELinux: Permission validate_trans in class security
not defined in policy.
[ 8981.144734] SELinux: Permission module_load in class system not
defined in policy.
[ 8981.152998] SELinux: the above unknown classes and permissions will
be allowed
[ 8985.835670] SELinux: Context
unconfined_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid
(unmapped).
[ 8987.072186] SELinux: Context
system_u:unconfined_r:sandbox_t:s0-s0:c0.c1023 became invalid (unmapped).
/var/lib/selinux/targeted/active/policy.kern: read error
(tried to read 8192 bytes from offset 3848760)
cannot reconstruct rpm from disk files
[ 0.006234] SELinux: Initializing.
[ 6.113236] systemd[1]: systemd 231 running in system mode. (+PAM
+AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP
+GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
[ 17.446033] SELinux: Permission validate_trans in class security
not defined in policy.
[ 17.454298] SELinux: Permission module_load in class system not
defined in policy.
[ 17.462557] SELinux: the above unknown classes and permissions will
be allowed
[ 17.544762] systemd[1]: Successfully loaded SELinux policy in
910.703ms.
Upgrading :
container-selinux-2:2.5-1.fc25.noarch 179/500
[11840.708423] SELinux: Permission validate_trans in class security
not defined in policy.
[11840.716674] SELinux: Permission module_load in class system not
defined in policy.
[11840.725023] SELinux: the above unknown classes and permissions will
be allowed
[11841.999564] SELinux: Context
system_u:system_r:gear_t:s0-s0:c0.c1023 became invalid (unmapped).
[11847.589662] SELinux: Context
unconfined_u:system_r:gear_t:s0-s0:c0.c1023 became invalid (unmapped).
libsemanage.semanage_direct_remove_key: Removing last container module
(no other container module exists at another priority).
# semanage port -a -t ssh_port_t -p tcp 1234 /* not the real port
number
[116454.082753] SELinux: Permission validate_trans in class security
not defined in policy.
[116454.091093] SELinux: Permission module_load in class system not
defined in policy.
[116454.099465] SELinux: the above unknown classes and permissions
will be allowed
# setsebool -P httpd_enable_homedirs on
[120049.339391] SELinux: Permission validate_trans in class security
not defined in policy.
[120049.347700] SELinux: Permission module_load in class system not
defined in policy.
[120049.356072] SELinux: the above unknown classes and permissions
will be allowed
thanks
_______________________________________________
arm mailing list -- arm@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to arm-leave@xxxxxxxxxxxxxxxxxxxxxxx
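The label check behind the chcon fix in this thread, as an added example that is not part of the original messages: it reads "<context> <path>" lines and reports every entry whose SELinux type is not one httpd is expected to serve. The function names, the WEB_TYPES list and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find entries in a userdir tree
# whose SELinux type is not a web-content type.
# Input format: "<user:role:type:level> <path>", one entry per line.

# Types accepted as web content (assumption: adjust to the local policy).
WEB_TYPES="httpd_user_content_t httpd_sys_content_t"

# Print the type field (third colon-separated field) of a context.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "<context> <path>" lines on stdin and print "<type> <path>" for
# each entry whose type is not in WEB_TYPES. Returns 1 if any were found.
audit_labels() {
    bad=0
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        t=$(selinux_type "$ctx")
        case " $WEB_TYPES " in
            *" $t "*) ;;                                  # expected label
            *) printf '%s %s\n' "$t" "$path"; bad=1 ;;    # mislabelled
        esac
    done
    return "$bad"
}

# Constructed sample listing; these labels are illustrative and were
# not captured from the server discussed in the thread.
sample_listing() {
cat <<'EOF'
unconfined_u:object_r:httpd_user_content_t:s0 /home/rgm/public_html
unconfined_u:object_r:httpd_user_content_t:s0 /home/rgm/public_html/index.html
unconfined_u:object_r:user_home_t:s0 /home/rgm/public_html/cubieboard
unconfined_u:object_r:user_home_t:s0 /home/rgm/public_html/cubieboard/cubietower-2.JPG
EOF
}

sample_listing | audit_labels || echo "mislabelled entries found"
```

On a live system the input can come from `find /home/rgm/public_html -exec stat -c '%C %n' {} +`. Unlike `chcon`, a `semanage fcontext` rule followed by `restorecon -Rv` keeps the label across a filesystem relabel.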