[CentOS] selinux problem policies

Sun Apr 30 18:24:21 UTC 2017
James A. Peltier <jpeltier at sfu.ca>

If the content is located under /var/www then you could use restorecon -Rvv to restore the context of all content under /var/www to the default context label as provided by Apache.

----- On 30 Apr, 2017, at 07:03, Günther J. Niederwimmer gjn at gjn.priv.at wrote:

| Hello,
| 
| My problem is adding SELinux policies.
| Can anyone help and say what is wrong with my policies?
| I wrote this:
| 
| semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/typo3conf(/.*)?"
| 
| I have more instances of typo3.
| I found this construct in the SELinux policies:
| "/var/www/html(/.*)?/uploads(/.*)?"
| 
| but mine is not working?
| 
| and I have only errors?
| 
| neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:244
|  (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto)))
|    <root>
|    allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675
|      (allow restorecond_t non_auth_file_type (file (getattr relabelfrom relabelto)))
|    <root>
|    allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108
|      (allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom relabelto)))
| 
| neverallow check failed at /etc/selinux/targeted/tmp/modules/100/base/cil:13121
|  (neverallow base_typeattr_18 scsi_generic_device_t (blk_file (read)))
|    <root>
|    allow at /etc/selinux/targeted/tmp/modules/100/munin/cil:581
|      (allow disk_munin_plugin_t device_node (blk_file (ioctl read getattr lock open)))
| .........
| 
| or is another way to include policies better?
| --
| mit freundlichen Grüssen / best regards
| 
|  Günther J. Niederwimmer

-- 
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 604-365-6432
Fax     : 778-782-3045
E-Mail  : jpeltier at sfu.ca
Website : http://www.sfu.ca/itservices
Twitter : @sfu_rcg
Powering Engagement Through Technology
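
As an added example (not part of the original thread): a Python sketch of which paths the file-context specification quoted above would cover, useful for reviewing how much of the web root becomes httpd_sys_rw_content_t before running restorecon. It assumes that libselinux anchors each specification at both ends, approximated here with `re.fullmatch`; the site names and sample paths are constructed.

```python
import re

# Specification taken from the semanage command quoted in the thread.
TYPO3CONF_SPEC = "/var/www/html(/.*)?/typo3conf(/.*)?"


def spec_matches(spec, path):
    """Approximate file-context matching: the whole path must match the regex.

    Assumption: the specification is treated as anchored at start and end,
    which re.fullmatch models for a simple pattern like this one.
    """
    return re.fullmatch(spec, path) is not None


def matching_paths(spec, paths):
    """Return the paths that the specification would label, in input order."""
    return [p for p in paths if spec_matches(spec, p)]


# Constructed sample paths; "site1" and "site2" are hypothetical instances.
SAMPLE_PATHS = [
    "/var/www/html/typo3conf",
    "/var/www/html/typo3conf/LocalConfiguration.php",
    "/var/www/html/site1/typo3conf",
    "/var/www/html/site2/typo3conf/ext/foo/ext_localconf.php",
    "/var/www/html/site1/index.php",
    # Similar name, but not the directory itself: must not match.
    "/var/www/html/site1/typo3conf_backup/x.php",
    # The leading (/.*)? spans any depth, so a directory named typo3conf
    # nested anywhere below the web root is covered as well.
    "/var/www/html/site1/uploads/typo3conf/file.php",
    # Outside /var/www/html: not covered.
    "/srv/www/typo3conf/LocalConfiguration.php",
]

if __name__ == "__main__":
    covered = set(matching_paths(TYPO3CONF_SPEC, SAMPLE_PATHS))
    for path in SAMPLE_PATHS:
        label = "httpd_sys_rw_content_t" if path in covered else "(other rule)"
        print(f"{label:24} {path}")
```

The nested `uploads/typo3conf` case shows that the rule grants the writable type to any directory of that name at any depth, which is worth checking against the actual directory layout.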