On 4/13/20 5:46 AM, Jonathan Aquilina wrote: > Hi Lukas, > > I am you could say brand new to SEL in all fairness and given how security paranoid I am about my systems I am glad I am starting to work with it. > > I am using a very stock and out of the box policy with nothing change. > > A friend of mine who works with SEL himself gave me the two commands mentioned. > > Another question that stems off this should I just give the necessary rw access to the folders that will need to be updated? > Hi Jonathan, If you're new in SELinux, I would suggest you to start from beginning, please read Red Hat Enterprise Linux 8 SELinux guide[1] or SELinux notebook[2] which is much more technical documentation about SELinux. [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/using_selinux/index [2] http://freecomputerbooks.com/books/The_SELinux_Notebook-4th_Edition.pdf Thanks, Lukas. > Regards, > Jonathan > > > -----Original Message----- > From: Lukas Vrabec <lvrabec@xxxxxxxxxx> > Sent: Sunday, 12 April 2020 22:07 > To: selinux@xxxxxxxxxxxxxxxxxxxxxxx > Subject: Re: Question > > On 4/12/20 9:15 PM, Jonathan Aquilina wrote: >> Hi guys i have a question regarding SEL. >> >> I have a VM that is on centos 7 and before I had an issue with >> wordpress where it was in read only mode and i ran >> >> chcon -R unconfined_u:object_r:httpd_sys_rw_content_t:s0 >> /var/www/html/wordpress >> >> >> >> to put it in read write mode for me to update the site >> >> >> >> I then ran >> >> >> >> restorecon -rv /var/www/html to restore things to the way they are. >> >> >> >> since then i have not had to run the commands again to update the site >> with any other updates >> >> >> >> what exactly is happening >> >> >> >> Regards, >> >> Jonathan >> >> >> _______________________________________________ >> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe >> send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: >> https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproj >> ect.org >> > > Hi Jonathan, > > Can you please share the reproducer ? Also, can you please share SELinux denials you saw in past (maybe they're still in audit.log) ? > > From your e-mail it's hard to decide what really happened on the system. > Btw. Did you changed value of any httpd_* boolean? > Please attach output of: > # semanage boolean -l | grep httpd > > Thanks, > Lukas. > > > > > > > -- > Lukas Vrabec > SELinux Evangelist, > Senior Software Engineer, Security Technologies Red Hat, Inc. > -- Lukas Vrabec SELinux Evangelist, Senior Software Engineer, Security Technologies Red Hat, Inc.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
