正确的方法与Apache虚拟主机从一个安装读取设置SELINUX？ [英] Proper way to set SeLinux with Apache VirtualHost reading from a mount?

问题描述

我有一个坐骑，我需要建立从虚拟主机。 /选择/富

I have a mount that I need to setup a VirtualHost from. /opt/foo

当我在创建SELINUX的虚拟主机，Apache的报告，该目录不存在。

When I create the VirtualHost with SeLinux on, Apache reports that the directory does not exist.

当我设置SELINUX permissive模式，它工作正常。

When I set SeLinux to permissive mode, it works fine.

什么是设置的正确方法我 /选择/富目录，以便将与Apache和SELinux的时候才执行？

What is the proper way to setup my /opt/foo directory so that it will work with Apache and SeLinux when it is enforcing?

推荐答案

第一件事第一，宽松的模式意味着对SELinux只需登录到拒绝审计日志，但没有什么是真正拒绝。这只是用于调试和设置SELinux策略，你的系统是出了SELinux保护当启用premissive模式。 Enforing模式是有限制的SELinux进行全面的功能，还审计。

The first thing first, permissive mode means that SELinux just log denials into audit log, but nothing is really denied. It is just for debugging and setting your SELinux policy and your system is out of SELinux protection when premissive mode is enabled. Enforing mode is full SELinux functionality with restrictions and also auditing.

在你的情况，apache的有到/ opt / foo的任何访问。看到链接
<一href=\"http://superuser.com/questions/607409/configuring-selinux-to-allow-logging-to-a-file-thats-outside-var-log\">http://superuser.com/questions/607409/configuring-selinux-to-allow-logging-to-a-file-thats-outside-var-log

In your case, the apache has no access to /opt/foo. See the link http://superuser.com/questions/607409/configuring-selinux-to-allow-logging-to-a-file-thats-outside-var-log

但用它代替'var_log_tSELinux的类型'httpd_sys_content_t'。

but use the SELinux type 'httpd_sys_content_t' instead of 'var_log_t'.

这篇关于正确的方法与Apache虚拟主机从一个安装读取设置SELINUX？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！