Setting up HTTP sharing on CentOS (about SELinux)

Problem with httpd write permission on a folder:

chcon -t public_content_rw_t /path

The following commands change the setting only temporarily; it reverts to the default after a reboot:

setsebool allow_httpd_anon_write on
setsebool allow_httpd_sys_script_anon_write on

To keep the setting across reboots, use the following commands instead:

setsebool -P httpd_anon_write 1
setsebool -P allow_httpd_sys_script_anon_write 1

For a write problem on one specific folder, use:

chcon -R -t httpd_sys_rw_content_t /path

On CentOS 7, Samba appears to be unable to read the folder when this method is used.

The following commands fix this:
The simple way is to just allow samba read/write access everywhere with:

setsebool -P samba_export_all_rw 1

If you’re concerned with Samba having full access to all directories and only want to change /var/www, try:

chcon -t public_content_rw_t /var/www
setsebool -P allow_smbd_anon_write 1
setsebool -P allow_httpd_anon_write 1

————————————————————————————————————————————————————————–

Problem with the ann2 announcement system
SELinux is preventing /usr/sbin/httpd from ‘name_connect’ accesses on the tcp_socket port 5432.
***** Plugin catchall_boolean (47.5 confidence) suggests *******************
If you want to allow HTTPD scripts and modules to connect to the network using any TCP port.
Then you must tell SELinux about this by enabling the ‘httpd_can_network_connect’ boolean.
Do

setsebool -P httpd_can_network_connect 1

***** Plugin catchall_boolean (47.5 confidence) suggests *******************

If you want to allow HTTPD scripts and modules to connect to databases over the network.
Then you must tell SELinux about this by enabling the ‘httpd_can_network_connect_db’ boolean.
Do

setsebool -P httpd_can_network_connect_db 1
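
Of the two booleans suggested above, httpd_can_network_connect_db is the narrower one for a database port such as 5432. The script below is an added example, not part of the original note: it reads an AVC record and picks the narrower boolean when the destination port type is a database port. The sample record and the list of port types are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: map an httpd_t name_connect denial to the narrowest boolean.

# Constructed audit record modelled on the port 5432 denial quoted above.
SAMPLE_AVC='type=AVC msg=audit(1500000000.123:456): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket'

# suggest_boolean LINE
# Prints the boolean to enable for LINE, or "none" (status 1) when LINE is
# not an httpd_t name_connect denial on a tcp_socket.
suggest_boolean() {
    local line=$1 target
    case $line in
        *"{ name_connect }"*"scontext="*":httpd_t:"*"tclass=tcp_socket"*) ;;
        *) echo none; return 1 ;;
    esac
    # The third field of tcontext is the SELinux type of the destination port.
    target=$(printf '%s\n' "$line" |
        sed -n 's/.*tcontext=[^:]*:[^:]*:\([^:]*\):.*/\1/p')
    case $target in
        # Assumed, partial list of database port types; check the port's
        # actual type on the host with: semanage port -l
        postgresql_port_t|mysqld_port_t|mssql_port_t|oracle_port_t)
            echo httpd_can_network_connect_db ;;
        "") echo none; return 1 ;;
        *)  # Any other port type needs the broad "any TCP port" boolean.
            echo httpd_can_network_connect ;;
    esac
}

# Print the command to run for the sample denial.
bool=$(suggest_boolean "$SAMPLE_AVC") && echo "setsebool -P $bool 1"
```

On a real host, feed it lines from /var/log/audit/audit.log (for example the output of ausearch -m avc) instead of the sample.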

————————————————————————————————————————————————————————

To make a domain permissive, run the semanage permissive -a domain command, where domain is the domain you want to make permissive. For example, enter the following command as root to make the httpd_t domain (the domain the Apache HTTP Server runs in) permissive:

[~]# semanage permissive -a httpd_t

To view a list of domains you have made permissive, run the semodule -l | grep permissive command as root. For example:

[~]# semodule -l | grep permissive
permissive_httpd_t    (null)
permissivedomains     (null)

If you no longer want a domain to be permissive, run the semanage permissive -d domain command as root. For example:

[~]# semanage permissive -d httpd_t