Hi Lukas, I am you could say brand new to SEL in all fairness and given how security paranoid I am about my systems I am glad I am starting to work with it. I am using a very stock and out of the box policy with nothing change. A friend of mine who works with SEL himself gave me the two commands mentioned. Another question that stems off this should I just give the necessary rw access to the folders that will need to be updated? Regards, Jonathan -----Original Message----- From: Lukas Vrabec <lvrabec@xxxxxxxxxx> Sent: Sunday, 12 April 2020 22:07 To: selinux@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: Question On 4/12/20 9:15 PM, Jonathan Aquilina wrote: > Hi guys i have a question regarding SEL. > > I have a VM that is on centos 7 and before I had an issue with > wordpress where it was in read only mode and i ran > > chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0 > /var/www/html/wordpress > > > > to put it in read write mode for me to update the site > > > > I then ran > > > > restorecon -rv /var/www/html to restore things to the way they are. > > > > since then i have not had to run the commands again to update the site > with any other updates > > > > what exactly is happening > > > > Regards, > > Jonathan > > > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe > send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproj > ect.org > Hi Jonathan, Can you please share the reproducer ? Also, can you please share SELinux denials you saw in past (maybe they're still in audit.log) ? >From your e-mail it's hard to decide what really happened on the system. Btw. Did you changed value of any httpd_* boolean? Please attach output of: # semanage boolean -l | grep httpd Thanks, Lukas. -- Lukas Vrabec SELinux Evangelist, Senior Software Engineer, Security Technologies Red Hat, Inc. _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx