SELinux Konfiguration (Redhat, RHEL, CentOS)

Dieser Artikel beschreibt die SELinux Konfiguration für ein VIMP webhosting. Dieser wurde unter RedHat, CentOS 6, 7 und 8 getestet.

Wir gehen davon aus, dass VIMP unter folgendem Verzeichnis installiert wurde:
/var/www/html/

First we install some tools

yum install -y policycoreutils-python-utils
yum install -y setroubleshoot

We configure the VIMP directories for SELinux with the following commands

semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"
semanage fcontext -a -t httpd_log_t "/var/www/html/log(/.*)?"
semanage fcontext -m -t httpd_sys_rw_content_t "/var/www/html/log(/.*)?"
semanage fcontext -a -t httpd_cache_t "/var/www/html/cache(/.*)?"
semanage fcontext -m -t httpd_sys_rw_content_t "/var/www/html/cache(/.*)?"
semanage fcontext -a -t httpd_cache_t "/var/www/html/web/cache(/.*)?"
semanage fcontext -m -t httpd_sys_rw_content_t "/var/www/html/web/cache(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/userdata(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/web/images(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/plugins(/.*)?"

setsebool -P httpd_can_network_connect on

And in a final step set the labels for the directories and make the rules persistent:

restorecon -Rv /var/www/html

That´s it and apache2/httpd should deliver your VIMP website immediately after reloading it.