On 27 April 2011 22:03, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 04/27/2011 11:51 AM, Per Bothner wrote: >> On 04/27/2011 05:22 AM, Daniel J Walsh wrote: >>> On 04/27/2011 02:45 AM, Per Bothner wrote: >>>> (I'm still having problems with symlinks from /var/www/html >>>> into /home. ÂThe fix that worked on F13 and F14 no longer works, >>>> and the SeLinux Alert Browser isn't as helpful as it used to be.) >>> Per Bothner, send me the AVC's you are struggling with and I will see if >>> I can help you, also the alert that is not being helpful. >> >> I link /var/www/html/per to /home/bothner/public_html. >> >> The SELinux Alert browser gives me a number of options, the first of which >> was to do: >> Â /sbin/restorecon -v /home >> After doing that, and refreshing the web Âbrowser then the alert browser >> suggests >> Â Â/sbin/restorecon -v /home/bothner >> Then it suggests: >> Â /sbin/restorecon -v /home/bothner/public_html >> Now it wants: >> Â /sbin/restorecon -v /home/bothner/public_html/index.html >> Clearly this is not the right path - I can't individually relabel every >> single file. >> >> The next alternative it suggests >> Â If you think this is caused by a badly mislabeled machine. >> Â Then you need to fully relabel. >> Â Do >> Â touch /.autorelabel; reboot >> >> I haven't tried that yet since I'm expecting that to take a long time. >> It is possible that is the issue - the files were copied over (using tar) >> from a different laptop, which may not have carried SELinux lae\bel over. >> (I'm unclear on this.) >> >> The suggestion I found particularly unhelpful is: >> >> Â If you want to allow httpd to have getattr access on the index.html file >> Â Then you need to change the label on /home/bothner/public_html/index.html >> Â Do >> Â # semanage fcontext -a -t FILE_TYPE >> '/home/bothner/public_html/index.html' >> Â where FILE_TYPE is one of the following: [[long list]]. >> Â Then execute: >> Â restorecon -v '/home/bothner/public_html/index.html' >> >> First, I can't figure out what in the [[long list]] is appropriate. >> Second, the "then" part suggests this might only fix one file at a time. >> >> I'm guessing the "full relabel" is the right thing. > > Do you have > httpd_enable_homedirs turned on? > > setsebool -P httpd_enable_homedirs 1 > > What avc's are you seeing? It seems the the httpd issue is not related to the original post. Please don't hijack the thread as it will confuse users. regards -- Manilal K M : àààààààâ àà àà. http://libregeek.blogspot.com -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
