-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/27/2011 11:51 AM, Per Bothner wrote: > On 04/27/2011 05:22 AM, Daniel J Walsh wrote: >> On 04/27/2011 02:45 AM, Per Bothner wrote: >>> (I'm still having problems with symlinks from /var/www/html >>> into /home. The fix that worked on F13 and F14 no longer works, >>> and the SeLinux Alert Browser isn't as helpful as it used to be.) >> Per Bothner, send me the AVC's you are struggling with and I will see if >> I can help you, also the alert that is not being helpful. > > I link /var/www/html/per to /home/bothner/public_html. > > The SELinux Alert browser gives me a number of options, the first of which > was to do: > /sbin/restorecon -v /home > After doing that, and refreshing the web browser then the alert browser > suggests > /sbin/restorecon -v /home/bothner > Then it suggests: > /sbin/restorecon -v /home/bothner/public_html > Now it wants: > /sbin/restorecon -v /home/bothner/public_html/index.html > Clearly this is not the right path - I can't individually relabel every > single file. > > The next alternative it suggests > If you think this is caused by a badly mislabeled machine. > Then you need to fully relabel. > Do > touch /.autorelabel; reboot > > I haven't tried that yet since I'm expecting that to take a long time. > It is possible that is the issue - the files were copied over (using tar) > from a different laptop, which may not have carried SELinux lae\bel over. > (I'm unclear on this.) > > The suggestion I found particularly unhelpful is: > > If you want to allow httpd to have getattr access on the index.html file > Then you need to change the label on /home/bothner/public_html/index.html > Do > # semanage fcontext -a -t FILE_TYPE > '/home/bothner/public_html/index.html' > where FILE_TYPE is one of the following: [[long list]]. > Then execute: > restorecon -v '/home/bothner/public_html/index.html' > > First, I can't figure out what in the [[long list]] is appropriate. > Second, the "then" part suggests this might only fix one file at a time. > > I'm guessing the "full relabel" is the right thing. Do you have httpd_enable_homedirs turned on? setsebool -P httpd_enable_homedirs 1 What avc's are you seeing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk24RV8ACgkQrlYvE4MpobMafwCePHx36mQNJuw/vbRZ4JXsCJgk KPoAnRVX9gpXnLEWC2J0olMUuyU62ceG =OlQe -----END PGP SIGNATURE----- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
