Re: Question

On 4/13/20 5:46 AM, Jonathan Aquilina wrote:
> Hi Lukas,
> 
> I am, you could say, brand new to SEL in all fairness, and given how security paranoid I am about my systems, I am glad I am starting to work with it.
> 
> I am using a very stock and out of the box policy with nothing changed.
> 
> A friend of mine who works with SEL himself gave me the two commands mentioned.
> 
> Another question that stems off this: should I just give the necessary rw access to the folders that will need to be updated?
> 

Hi Jonathan,

If you're new to SELinux, I would suggest you start from the beginning;
please read the Red Hat Enterprise Linux 8 SELinux guide[1] or the SELinux
Notebook[2], which is much more technical documentation about SELinux.


[1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/using_selinux/index

[2] http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf

Thanks,
Lukas.

> Regards,
> Jonathan
> 
> 
> -----Original Message-----
> From: Lukas Vrabec <lvrabec@xxxxxxxxxx> 
> Sent: Sunday, 12 April 2020 22:07
> To: selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Question
> 
> On 4/12/20 9:15 PM, Jonathan Aquilina wrote:
>> Hi guys, I have a question regarding SEL.
>>
>> I have a VM that is on CentOS 7, and before I had an issue with 
>> WordPress where it was in read-only mode, and I ran
>>
>> chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0 /var/www/html/wordpress
>>
>> to put it in read-write mode for me to update the site.
>>
>> I then ran
>>
>> restorecon -rv /var/www/html
>>
>> to restore things to the way they are.
>>
>> Since then I have not had to run the commands again to update the site 
>> with any other updates.
>>
>> What exactly is happening?
>>
>> Regards,
>>
>> Jonathan
>>
>>
>> _______________________________________________
>> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe 
>> send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
>> Fedora Code of Conduct: 
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: 
>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: 
>> https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.org
>>
> 
> Hi Jonathan,
> 
> Can you please share the reproducer? Also, can you please share the SELinux denials you saw in the past (maybe they're still in audit.log)?
> 
> From your e-mail it's hard to decide what really happened on the system.
> Btw, did you change the value of any httpd_* boolean?
> Please attach output of:
> # semanage boolean -l | grep httpd
> 
> Thanks,
> Lukas.
> 
> --
> Lukas Vrabec
> SELinux Evangelist,
> Senior Software Engineer, Security Technologies Red Hat, Inc.
> 


-- 
Lukas Vrabec
SELinux Evangelist,
Senior Software Engineer, Security Technologies
Red Hat, Inc.
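
The past SELinux denials that Lukas asks for in the quoted message can be pulled out of audit.log text with a small filter like the one below. This is an added example, not part of the thread; the log lines are constructed samples, and the function names and the use of httpd_t as the web server's domain are assumptions.

```python
import re

# Constructed sample records in audit.log AVC format (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1586718900.101:412): avc:  denied  { write } for  pid=2101 comm="httpd" name="wp-content" dev="dm-0" ino=917512 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1586718900.101:412): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1586718955.220:419): avc:  denied  { read open } for  pid=988 comm="sshd" name="notes" dev="dm-0" ino=1234 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1586719010.007:431): avc:  denied  { write } for  pid=2101 comm="httpd" name="wp-config.php" dev="dm-0" ino=917600 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(context):
    """A context is user:role:type[:level]; return the type field or None."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else None


def parse_avc(line):
    """Return a dict for one AVC denial record, or None for anything else."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if "scontext" not in fields or "tcontext" not in fields:
        return None
    return {
        "perms": m.group("perms").split(),  # one record can deny several
        "comm": fields.get("comm"),
        "name": fields.get("name"),
        "source_type": context_type(fields["scontext"]),
        "target_type": context_type(fields["tcontext"]),
        "tclass": fields.get("tclass"),
    }


def httpd_denials(log_text, domain="httpd_t"):
    """Collect the denials whose source domain is the web server's (assumed httpd_t)."""
    records = (parse_avc(line) for line in log_text.splitlines())
    return [r for r in records if r and r["source_type"] == domain]


if __name__ == "__main__":
    for d in httpd_denials(SAMPLE_LOG):
        print(d["comm"], d["perms"], d["tclass"], d["name"], "->", d["target_type"])
```

On a live system the same text can be read from /var/log/audit/audit.log as root and passed to httpd_denials().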
