Re: Moving /var/www with SELinux enforcing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





tim.largy wrote:
> 
> Because I have limited space in /var and a program that wants to put
> gigabytes of data in /var/www, I want to move that directory
> (/var/www) elsewhere and simlink to it. What's the proper way to do
> this with SELinux enforcing?
> 
> 

I have a similar need when I move /var/spool/mail to another partition, and
the way I do it that leads to success is as follows (translating to your
case) all as root:

mkdir /path-to-new/www
Check contexts on this new directory are the same as for /var/www
ll -Zd /var/www
drwxr-xr-x  root root system_u:object_r:httpd_sys_content_t:s0 /var/www

Now copy all the files in the original using rsync (after stopping services
that use /var/www) to the new area copying the file contexts at the same
time:
rsync -aXH /var/www/* /path-to-new/www/

Make sure you use the -X flag as above.

Now move the original directory out of the way and make a new directory in
its place:
# cd /var
# mv www www.ORIG
# mkdir www

Now check the context of the two files by:
ls -Z www*
Make sure that the new www matches that of the original.

Then make a bind mount to mount the new area to the old area by adding a
line to /etc/fstab like
/path-to-new/www   /var/www         none    bind            0 0

Then 
# mount /path-to-new/www
should bind mount the new area.

Then you can start up your services as if they were in the original area.

(if necessary you can check that restorecon does keep the files contexts of
the bind mounted files in the new area correct and if not you can make new
rules using semanage fcontext that will survive a restorecon later)

I hope this helps...
-- 
View this message in context: http://www.nabble.com/Moving--var-www-with-SELinux-enforcing-tp21019357p21021072.html
Sent from the Fedora List mailing list archive at Nabble.com.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux