Jonathan Aquilina a écrit : > Hi guys i have a question regarding SEL. > > I have a VM that is on centos 7 and before I had an issue with wordpress > where it was in read only mode and i ran > > chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0 > /var/www/html/wordpress > > > > to put it in read write mode for me to update the site > > > > I then ran > > > > restorecon -rv /var/www/html to restore things to the way they are. > > > > since then i have not had to run the commands again to update the site > with any other updates > > > > what exactly is happening Hi Jonathan, when you run the 'chcon', you're changing the contexte of the directory and its subdirectories As you noticed, it works fine But, when you run the 'restorecon', the command read what contexte to apply for each file and directory in a policy file If you don't update the policy file with what you want (httpd_sys_rw_content_t on /var/www/html/wordpress and its subdirectories), then restorecon will reset the contexte accordingly to its policy file See 'semanage fcontext' for editing the policy file (man semanage) Then, restorecon will do what you want :) Regards, Casper -- Clé GPG: AE157E0B29F0BEF2 at keys.openpgp.org « Ceux qui peuvent renoncer à la liberté essentielle pour obtenir un peu de sécurité temporaire, ne méritent ni la liberté ni la sécurité. » -- Memoirs of the life and writings of Benjamin Franklin (1818) CA Cert: https://dl.casperlefantom.net/pub/ssl/root.der
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
