[CentOS] SELinux context for web application directories

Fri Jun 27 19:01:48 UTC 2014
m.roth at 5-cent.us <m.roth at 5-cent.us>

James B. Byrne wrote:
> CentOS-6.5

> We deploy web applications written with the Ruby on Rails framework
using Capistrano (2.x).  Each 'family' of web applications are 'owned'
by a dedicated user id.  The present httpd service is Apache 2.2.15 and
we use Passenger 3.0.11.  We are moving shortly to a new deployment host
and at
> time we will be updating to Apache 2.4.9 and Passenger 4..0.25.

> Our deployment practice is to place the 'family' directory under
> This is the home directory of the application user id. We place each
individual web application or component into its own directory
underneath the
> family root.  So that things look like this:

 passenger_exec_t, etc.

And if you google anything else, note: DO NOT USE CHCON; it does *NOT*
remain following a reboot. Use semanage fcontext (and the manpage example
is what I use all the time), followed by a restorecon -Rv