From SELinux Wiki
Revision as of 15:15, 29 September 2009 by JoshuaBrindle (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Apache is a very configurable service and therefore there are many ways to confine it. Here are some recipes to get you going in common configurations.

Labeling public_html correctly

The public_html directory in your user home directory already has correct labeling rules, however if you create it, it may not be labeled correctly. Additionally, if you move files from your home directory they may not be labeled correctly. To relabel your public_html directory run restorecon:

[method@localhost ~]$ ls -Z 
drwxrwxr-x. method method system_u:object_r:user_home_t:s0 public_html

[method@localhost ~]$ restorecon -R public_html
[method@localhost ~]$ ls -Z 
drwxrwxr-x. method method staff_u:object_r:httpd_user_content_t:s0 public_html

As you can see above, the directory was relabeled from user_home_t to httpd_user_content_t. The public_html directory should now be accessible by Apache.

Allow Apache to connect to your database server

Allow Apache to run CGI scripts

Allow Apache to send mail

Using an NFS or CIFS home directory