[CentOS-docs] doc?: TipsAndTricks/ApacheVHostDir
Ed Heron
Ed at Heron-ent.com
Thu Sep 3 22:12:20 UTC 2009
From: "Filipe Brandenburger", Thursday, September 03, 2009 1:27 PM
>Hi,
>
>On Thu, Sep 3, 2009 at 15:13, Ed Heron<Ed at heron-ent.com> wrote:
>>> [1] I am not sure what will happen after a full relabeling of the
>>> system, since the new directory does not exist in the selinux database
>>> (I mean /etc/selinux/targeted/contexts/files/file_contexts, part of
>>> selinux-policy)
>>
>> I added a disclaimer. Does it cover it?
>
>The right way to fix it is to use "semanage fcontext" (see "man
>semanage") to make that change permanent even after a relabel.
>
>I believe it should be something like:
># semanage fcontext -a -t httpd_config_t "/etc/httpd/vconf\.d(/.*)?"
>
>After that, you can use "restorecon" instead of "chcon":
># restorecon -R /etc/httpd/vconf.d
>
>I did not test those above, so if you want to add them to the Wiki
>page you should test them before you do.
Interestingly...
# semanage fcontext -l | grep http
returns, among other things,
/etc/httpd(/.*)?    all files    system_u:object_r:httpd_config_t:s0
so, the newly created directory is covered...
I also found...
/etc/vhosts    regular file    system_u:object_r:httpd_config_t:s0
Not entirely sure what that is there for, except to cover people doing
weirder things than I'm proposing...
When I:
# mkdir /etc/httpd/yadda
# ls -lZ /etc/httpd
I get:
drwxr-xr-x root root system_u:object_r:httpd_config_t conf
drwxr-xr-x root root root:object_r:httpd_config_t yadda
next:
# restorecon -R /etc/httpd
and
# ls -lZ
I get the same thing. So, it isn't changing the SELinux user.. I'm
guessing we should...
# chcon --user=system_u yadda
but it would be optional?
>But I still agree that just using "conf.d" achieves exactly the same
>results with a lot less work, so it would still be my advice...
I now agree that the same results are achieved with virtual host files in
conf.d.
I have updated the page. Have I acceptably promoted the 'preferred' method?
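
Added example, not part of the original message: a small offline check of the two points discussed above, namely that the existing `/etc/httpd(/.*)?` rule already covers a new subdirectory, and that the label on `yadda` differs from the rule only in the SELinux user field. The rule table layout and the function names `expected_context` and `label_diff` are assumptions made for this example; the two rules and the `yadda` label are the ones quoted in the message.

```sh
#!/bin/sh
# Constructed rule table: pattern;file type;context. Both rows are the
# `semanage fcontext -l` entries quoted in the message above; the ';' layout
# exists only for this example.
RULES='/etc/httpd(/.*)?;all files;system_u:object_r:httpd_config_t:s0
/etc/vhosts;regular file;system_u:object_r:httpd_config_t:s0'

# Print the context of the first rule whose pattern matches the whole path
# (grep -x anchors both ends) and whose file type applies to the object kind.
# Simplification: this does not model how overlapping rules are ordered.
expected_context() {
    path=$1 kind=$2
    while IFS=';' read -r pat ftype ctx; do
        [ "$ftype" = "all files" ] || [ "$ftype" = "$kind" ] || continue
        if printf '%s\n' "$path" | grep -Eqx -- "$pat"; then
            printf '%s\n' "$ctx"
            return 0
        fi
    done <<EOF
$RULES
EOF
    return 1
}

# Compare the user, role and type fields of two contexts and print the names
# of the fields that differ (empty output means they agree on all three).
label_diff() {
    diff_fields=
    n=1
    for name in user role type; do
        a=$(printf '%s\n' "$1" | cut -d: -f"$n")
        e=$(printf '%s\n' "$2" | cut -d: -f"$n")
        [ "$a" = "$e" ] || diff_fields="${diff_fields:+$diff_fields }$name"
        n=$((n + 1))
    done
    printf '%s\n' "$diff_fields"
}

# The directory created in the message, with the label shown by `ls -lZ`.
want=$(expected_context /etc/httpd/yadda directory)
echo "expected by rule: $want"
echo "fields that differ: $(label_diff root:object_r:httpd_config_t "$want")"
```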