selinux 怎么设？请高手帮忙啊

发布于 2022-09-18 18:22:14 字数 2927 浏览 18 评论 0

错误如下：

概述SELinux prevented httpd reading and writing access to http files.
详细描述SELinux prevented httpd reading and writing access to http files. Ordinarily httpd is allowed full access to all files labeled with http file context. This machine has a tightened security policy with the httpd_unified turned off, this requires explicit labeling of all files. If a file is a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order to be executed. If it is read-only content, it needs to be labeled httpd_TYPE_content_t, it is writable content. it needs to be labeled httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the chcon command to change these contexts. Please refer to the man page "man httpd_selinux" or FAQ "TYPE" refers to one of "sys", "user" or "staff" or potentially other script types.
允许访问Changing the "httpd_unified" boolean to true will allow this access: "setsebool -P httpd_unified=1"
Fix 命令setsebool -P httpd_unified=1
附加信息源上下文:  system_u:system_r:httpd_t:s0
目标上下文:  system_ubject_r:httpd_sys_content_t:s0
目标对象:  ./server [ file ]
源:  httpd源
路径:  /usr/sbin/httpd
端口:  <未知>
主机:  yu
源 RPM 软件包:  httpd-2.2.11-2.fc10
目标 RPM 软件包:
策略 RPM:  selinux-policy-3.5.13-54.fc10
启用 Selinux:  True
策略类型:  targeted
启用 MLS:  TrueEnforcing
模式:  Enforcing
插件名称:  httpd_unified
主机名:  yu
平台:  Linux yu 2.6.27.21-170.2.56.fc10.i686 #1 SMP Mon Mar 23 23:37:54 EDT 2009 i686 athlon
警报计数:  3
第一个:  2009年04月11日星期六 14时57分02秒
最后一个:  2009年04月11日星期六 15时02分33秒
本地 ID:  7a2cd6f6-0720-4b6a-8493-9ee8cbc3772f
行号:
原始核查信息 :node=yu type=AVC msg=audit(1239433353.442:91): avc: denied { create } for pid=2344 comm="httpd" name="server" scontext=system_u:system_r:httpd_t:s0 tcontext=system_ubject_r:httpd_sys_content_t:s0 tclass=file node=yu type=SYSCALL msg=audit(1239433353.442:91): arch=40000003 syscall=5 success=no exit=-13 a0=b7dfa408 a1=241 a2=1b6 a3=b7dfa408 items=0 ppid=2287 pid=2344 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)