-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/06/2011 11:31 PM, Paul Johnson wrote: > On Wed, Jan 5, 2011 at 11:46 AM, Les Mikesell <lesmikesell at gmail.com> wrote: >> On 1/5/2011 10:42 AM, Paul Johnson wrote: > >> >> What is keeping it from working with the supplied: >> Alias /phpMyAdmin /usr/share/phpMyAdmin >> (i.e. to the install location)? >> >> -- >> Les Mikesell >> lesmikesell at gmail.com > > You mean to say it does work for you, as delivered? Or that it ought > to work for me, but you are just guessing? > > In RedHat 6, at least, I cannot get ANY application to work if it does > not offer files up from /var/www/html (no matter what the http config > says). I now *THINK* the reason is SELinux. I understand http > configuration, SELinux is a whole different problem. I understand > the concept, but the tools to configure it are mysterious. The system > will not offer things from /usr/share or whatnot, even if I alter the > httpd config to allow it. The mediawiki RPM comes along with an > httpd.conf file that tries to allow it. But the system won't allow > it. Today I realized will not allow symbolic links from /var/www/html > pointing into "safe" parts of the file system. > > Yesterday I solved part of my mediawiki trouble. mail from php/CGI > programs was not going to the users. I found out that SELinux was > blocking mediawiki's attempted use of /usr/sbin/sendmail and learned > how to fix that (see: > http://www.mediawiki.org/wiki/Project:Support_desk#SOLVED:_RedHat_6_SELinux_blocks_MediaWiki_from_using_sendmail_1892). > > I have not been able to find anybody who is running Fedora or RedHat > with SELinux turned on who was able to use mediawiki as it was > delivered. If it works for you, please raise your hand. > > For example: > > http://www.johnson.homelinux.net/mywiki/Installing%20and%20configuring%20MediaWiki%20for%20Fedora%2014 > > http://www.linuxquestions.org/questions/linux-software-2/how-to-install-mediawiki-on-fedora-9-a-677135/ > > http://dailypackage.fedorabook.com/index.php?/archives/120-Productive-Monday-MediaWiki-Collaborative-publishing.html > > It may just be that we are all following some mistaken example from > somebody who did not understand this any better than we do. > > I had the same experience with phpMyAdmin. Not in /var/www/html. No Go. > > pj SELinux expects apache content to be labeled as apache content. The default label for read only content in httpd_sys_content_t. If you put this in a random location or some packager does, they need to make sure the content has the correct label. man httpd_selinux explains some of this. # semanage fcontext -a -t httpd_sys_content_t "/myapp(/.*)?" Tells SELinux the default label for all content under /myapp will be httpd_sys_content_t. Restorecon will then actually put the labels on your system. # restorecon -R -v /myapp Now you have permanently changed your SELinux labeling, and full relabel will maintain this. If you know of an application that puts content in a different location, please tell us and we will setup the default labeling for that directory, to be apache content. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk0nQrQACgkQrlYvE4MpobNulgCdHuizqD98sKF1nu2Bpdq0boSe zzEAoKswdzyWInT16YnzmFp2+OA3rpS2 =IAre -----END PGP SIGNATURE-----