02.07
SELinux seems to be one of the technologies available with great potential but with little or no user acceptance. I have often ended up disabling the security features due to limited time for reading up on it and then configuring it to fit my needs. However, I thought I should give the policies delivered with CentOS a go.
To get started with the targeted policies, have a look at the selinux and httpd_selinux manual pages:
$ man selinux
$ man httpd_selinux
Those two manual pages should give enough information to get started.
Something I find myself wanting to do is enabling a CGI script to execute and then granting that script access to files. To run /path/to/file.cgi as a CGI script reading data from /path/to/read/directory and writing to /path/to/write/directory, execute:
# chcon -t httpd_sys_script_exec_t /path/to/file.cgi
# chcon -t httpd_sys_script_ro_t -R /path/to/read/directory/
# chcon -t httpd_sys_script_rw_t -R /path/to/write/directory/
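For debugging purposes, SELinux protection for Apache can be disabled by setting the httpd_disable_trans boolean to 1:
# setsebool -P httpd_disable_trans 1
# service httpd restart
Because -P makes the setting persistent, set the boolean back to 0 and restart httpd once debugging is finished.
To list the contexts that files have, use the -Z option for ls: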
$ ls -Z
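As an added example (not part of the original post), the shell functions below check that the CGI script and its two data directories carry the types set with chcon above, reading each context with GNU stat's %C format instead of parsing ls -Z by eye. The function names are hypothetical.

```bash
#!/bin/bash
# Added example: audit the SELinux types of a CGI script and its directories.

# Extract the type (third field) from a context string such as
# system_u:object_r:httpd_sys_script_exec_t or the same with an :s0 level.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read the SELinux context of a path (%C is GNU stat's context format).
get_context() {
    stat -c %C -- "$1" 2>/dev/null
}

# Compare one path against the expected type.
# Returns 0 on match, 1 on mismatch, 2 if the path cannot be read.
check_label() {
    local path="$1" expected="$2" ctx type
    ctx=$(get_context "$path") || { echo "MISSING  $path"; return 2; }
    type=$(ctx_type "$ctx")
    if [ "$type" = "$expected" ]; then
        echo "OK       $path ($type)"
    else
        echo "MISMATCH $path has '$type', expected '$expected'"
        return 1
    fi
}

# Audit script, read-only directory and writable directory, in that order.
# The return value is the number of paths that failed the check.
audit_cgi_labels() {
    local failures=0
    check_label "$1" httpd_sys_script_exec_t || failures=$((failures + 1))
    check_label "$2" httpd_sys_script_ro_t   || failures=$((failures + 1))
    check_label "$3" httpd_sys_script_rw_t   || failures=$((failures + 1))
    return "$failures"
}

# Run the audit only when the three paths are given on the command line.
if [ "$#" -eq 3 ]; then
    audit_cgi_labels "$@"
fi
```

Run it with the script path, the read directory and the write directory as arguments; a non-zero exit status means at least one label differs from what the chcon commands should have set.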
For some more information on the subject check out: