[SOLVED, selinux] restorecon does not set context

Support for security such as Firewalls and securing linux
Post Reply
nvc
Posts: 2
Joined: 2016/03/24 16:29:36

[SOLVED, selinux] restorecon does not set context

Post by nvc » 2016/03/24 17:01:14

Hello,

I'm new on this site and CentOS, so I have to to ask to you. :)

I run the following commands:

Code: Select all

$ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/domini/mydomain.it(/.*?)'

$ sudo cat /etc/selinux/targeted/contexts/files/file_contexts.local
# This file is auto-generated by libsemanage
# Do not edit directly.

/var/www/domini/mydomain.it(/.*?)    system_u:object_r:httpd_sys_rw_content_t:s0

$ sudo restorecon -R -v /var/www/domini/mydomain.it

$ ls -lZ /var/www/domini/mydomain.it
drwxr-xr-x. utente1 apache unconfined_u:object_r:httpd_user_content_t:s0 dictionary
drwxr-xr-x. utente1 apache system_u:object_r:httpd_user_content_t:s0 lessons
drwxr-xr-x. apache            apache system_u:object_r:httpd_user_content_t:s0 server-logs
drwxrwxr-x. utente1 apache unconfined_u:object_r:httpd_user_content_t:s0 shop
drwxrwxr-x. utente1 apache system_u:object_r:httpd_user_content_t:s0 static
drwxr-xr-x. utente1 apache system_u:object_r:httpd_user_content_t:s0 temp
drwxrwxr-x. utente1 apache system_u:object_r:httpd_user_content_t:s0 test
As you can see the context is 'httpd_user_content_t instead of 'httpd_sys_rw_content_t', why?

Thank you.

P.S. The same happens with the initial command: $ sudo semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/domini/mydomain.it(/.*)?' (note the question mark's position).

nvc
Posts: 2
Joined: 2016/03/24 16:29:36

Re: [SOLVED, selinux] restorecon does not set context

Post by nvc » 2016/03/24 22:09:00

Solved with:

Code: Select all

$ sudo chcon -R -t httpd_sys_rw_content_t /var/www/domini/mydomain.it
$ sudo restorecon -vR /var/www/domini/mydomain.it
$ sudo shutdown -r now # to see if it's a permanent change 
$ ls -lZ /var/www/domini/mydomain.it
drwxr-xr-x. utente1 apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 dictionary
drwxr-xr-x. utente1 apache system_u:object_r:httpd_sys_rw_content_t:s0 lessons
drwxr-xr-x. apache            apache system_u:object_r:httpd_sys_rw_content_t:s0 server-logs
drwxrwxr-x. utente1 apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 shop
drwxrwxr-x. utente1 apache system_u:object_r:httpd_sys_rw_content_t:s0 static
drwxr-xr-x. utente1 apache system_u:object_r:httpd_sys_rw_content_t:s0 temp
drwxrwxr-x. utente1 apache system_u:object_r:httpd_sys_rw_content_t:s0 test

Post Reply

Return to “CentOS 7 - Security Support”