Something's wrong with my setting on SELinux

Post by Basher52 » Wed Jul 11, 2018 3:30 pm

Using CentOS7 and I have always turned SELinux off/permissive 'cos I'm always in a hurry but this time I decided to do it correctly.
I googled a lot about this and finally found a thing that seemed OK of all the others so I tried it out.
But nope, all settings did 'install' OK but the result is not OK.

As 'void main' told me a long time ago, keep all files owned by root and not Apache, and so I did that, but it seems after these SELinux settings I used I now have to make almost every file 777 for Apache to be able to even read them, so something's gotta be wrong with the SELinux settings.
I never ever had this problem before as I never used SELinux, but I thought that I gotta keep up with everyone else.

I hope someone here can see the error in this 'cos I sure as heck can't.
I also can say that I use LetsEncrypt if that makes any difference?

Here comes an excerpt of my what-to-do-after-installing-centos7 file :P

Set SELinux Security Context to MariaDB Data Directory.

Add the SELinux security context to /dir1/dir2 before restarting MariaDB:
	semanage fcontext -a -t mysqld_db_t "/dir1/dir2(/.*)?"
	restorecon -R /dir1/dir2

Enable autostart at boot
	systemctl enable mariadb.service

Set SELinux Security Context to Apache Data Directory
	chcon -R --reference=/var/www/html/ /webdata1
	chcon -R -t httpd_sys_rw_content_t /webdata1/
	semanage fcontext -a -t httpd_sys_rw_content_t "/webdata1(/.*)?"
	setsebool -P httpd_enable_homedirs true
	chmod 755 /webdata1	### important ###
	systemd restart httpd

Set a password for 'root', run:
	mysql_secure_installation and follow the script questions

Remember to install .htaccess & .htpasswd files in '/usr/share/phpMyAdmin/'
	(Only other directory allowed is /etc/httpd)

PS. Saw the MariaDB thing, it's just cos I move the DB to another disk.
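
Added example, not part of the original post: a Python script that walks every component of a path such as /webdata1 and reports the mode bits, the SELinux label, and whether a non-owner account gets through on classic permissions alone, which helps tell a file-mode problem apart from an SELinux one. The function names and the uid/gid 48 used for httpd are assumptions.

```python
import os
import stat
import sys

def selinux_label(path):
    """SELinux context stored on path, or None if the xattr is unavailable."""
    try:
        return os.getxattr(path, "security.selinux").rstrip(b"\0").decode()
    except (OSError, AttributeError):
        return None

def dac_bits(st, uid, gids):
    """rwx bits (0-7) the classic mode grants uid/gids: owner, group, or other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def trace_read_access(path, uid, gids):
    """Check each component of path against the mode bits for uid/gids.

    Parent directories need search (x); the target needs read (r), plus x
    if it is a directory. ACLs and root's DAC override are not modelled.
    Returns (component, octal mode, SELinux label, ok) per component.
    """
    target = os.path.realpath(path)
    chain = [target]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    report = []
    for comp in reversed(chain):
        st = os.stat(comp)
        if comp != target:
            need = 1
        else:
            need = 5 if stat.S_ISDIR(st.st_mode) else 4
        ok = (dac_bits(st, uid, gids) & need) == need
        report.append((comp, oct(stat.S_IMODE(st.st_mode)), selinux_label(comp), ok))
    return report

if __name__ == "__main__":
    # Assumption: httpd runs as uid/gid 48 (check with `id apache`).
    start = sys.argv[1] if len(sys.argv) > 1 else "/webdata1"
    for comp, mode, label, ok in trace_read_access(start, 48, {48}):
        print("ok  " if ok else "DENY", mode, label, comp)
```

A row marked DENY means the mode bits alone block that account at that component, before SELinux is consulted.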
