개요
gitweb 때문에 /var/lib/git 을 apache httpd 에 추가해도 SELinux 의 rules 에 어긋나므로 httpd 는 해당 폴더를 읽을수가 없다. 기타 /var/www 가 아닌 경우에 web contents 를 넣었을 경우
SElinux의 rule 에 추가하여 처리하는 방법을 정리해 본다.
처리
semanage fcontext 명령어로 context path 확인
semanage fcontext -l |grep httpd_sys_content_t /etc/htdig(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /srv/([^/]*/)?www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /srv/gallery2(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /usr/share/drupal.* all files system_u:object_r:httpd_sys_content_t:s0 /usr/share/htdig(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /usr/share/icecast(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /usr/share/mythtv/data(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /usr/share/mythweb(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /usr/share/ntop/html(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /usr/share/openca/htdocs(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /usr/share/selinux-policy[^/]*/html(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /var/lib/cacti/rra(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /var/lib/graphite-web(/.*) all files system_u:object_r:httpd_sys_content_t:s0 /var/lib/htdig(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /var/lib/trac(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /var/www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /var/www/icons(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 /var/www/svn/conf(/.*)? all files system_u:object_r:httpd_sys_content_t:s0
- fcontext 추가
- semanage fcontext -a -t httpd_sys_content_t /var/lib/git\(\/.*\)?
- restorecon -R -v /var/lib/git
확인
aa
Ref