httpd with SELinux

Giving httpd access to other folders (apart from the default SELinux-allowed folders):

  • system-config-selinux rocks!!
    Go to System -> Administration -> SELinux Management (or run system-config-selinux from the command line).
    Type httpd in Filter and press enter. You will see that files that allow httpd write access have the SELinux File Type httpd_cache_t:s0. So now you know what to do, right? Say you want to give httpd write access to the folder /var/lib/dokuwiki/data/cache. Add a new file labelling entry using the Add button with the following details:
    File specifications: /var/lib/dokuwiki/data/cache(/.*)?
    File Type: all files
    SELinux Type: httpd_cache_t
    MLS: s0

    and then apply the new label to the directory and everything under it:
    restorecon -R -v /var/lib/dokuwiki/data/cache

    OR

  • Go to /var/lib/dokuwiki/data and apply the SELinux file type to the cache directory:
    chcon -R -t httpd_cache_t /var/lib/dokuwiki/data/cache

And now, httpd should have write access to this folder.

Running httpd on other ports:

Open /etc/httpd/conf/httpd.conf and change
Listen 80
to
Listen 81

If you use VirtualHosts, you need to change the ports there instead (<VirtualHost *:81>).

Giving httpd access to other ports:

Go to Network Port in SELinux Administration, type “80” in the filter and press enter. You will see an entry for http_port_t. Create a similar new entry for port 81 with SELinux Port Type http_port_t.
And that’s it.
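
The same two changes can be made from the command line with semanage. The script below is an added example, not part of the original post: it prints the commands for review and checks the port listing first, so that no port rule is suggested when the port already has the type. The function names and the sample port listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print the semanage/restorecon
# commands that correspond to the GUI steps, for review before running as root.

# Constructed sample of `semanage port -l` output, used when semanage is absent.
SAMPLE_PORTS='http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 443, 488, 8008, 8009, 8443'

# port_has_type TYPE PROTO PORT
# Reads `semanage port -l` text on stdin; exit status 0 if PORT (listed singly
# or inside a lo-hi range) is already mapped to TYPE for PROTO.
port_has_type() {
    awk -v t="$1" -v p="$2" -v n="$3" '
        $1 == t && $2 == p {
            for (i = 3; i <= NF; i++) {
                f = $i; gsub(/,/, "", f)
                split(f, r, "-")
                lo = r[1]; hi = (r[2] == "" ? r[1] : r[2])
                if (n + 0 >= lo + 0 && n + 0 <= hi + 0) found = 1
            }
        }
        END { exit !found }'
}

# plan_httpd_selinux DIR PORT
# Reads the port listing on stdin and prints the commands to run.
plan_httpd_selinux() {
    dir=$1; port=$2
    # Persistent labelling rule, then apply it to the directory and its contents.
    echo "semanage fcontext -a -t httpd_cache_t '${dir}(/.*)?'"
    echo "restorecon -R -v '${dir}'"
    # `semanage port -a` fails if the port is already defined, so check first.
    if port_has_type http_port_t tcp "$port"; then
        echo "# tcp/${port} is already http_port_t; no port rule needed"
    else
        echo "semanage port -a -t http_port_t -p tcp ${port}"
    fi
}

# Use the live policy when semanage is installed, else the constructed sample.
list_ports() {
    if command -v semanage >/dev/null 2>&1; then semanage port -l
    else printf '%s\n' "$SAMPLE_PORTS"; fi
}

list_ports | plan_httpd_selinux /var/lib/dokuwiki/data/cache 81
```

Unlike chcon, a rule added with semanage fcontext is stored in the policy, so restorecon or a full relabel will keep reapplying it.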

Links to posts that helped me:

Dan Walsh’s Blog

Notes on SElinux
