I'll admit straight away here that SELinux was news to me 6mths ago when I installed Centos5 (RHEL5 equivalent) for the first time. Since then I've found out a little, mainly because I had to.
SELinux lurks like a rake in the grass and whangs you on the noggin just when you're 100% sure you know what you're doing.
For example SELinux was the culprit when a pretty simple perl DBI script wasn't allowed to connect to a remote database when run as a CGI script, but the same script worked fine as a shell script. And the error was no more than an unhelpful and inscruitable "Can't create TCP/IP socket (13)".
Its been a real pain, so here are two things you may wish to read...
When pain strikes reach for: How to Disable SELinux turning it off is a sure fire way to find out if it really is an SELinux problem.
Then when you want to turn it back on again read this: Apache and SELinux to find out how to configure it to allow httpd to do some things without opening the door to everything.
Danny Angus
blog.killerbees.co.uk
Labels
Thursday, June 12, 2008
Apache httpd & SELinux
Further Reading
-
-
Launch of the 2020 ASF Community Survey - This week, we are excited to launch the 2020 ASF Community Survey, with which we will gather scientific data that allows us to understand our community b...10 hours ago
-
ApacheCon Europe 2019 – Day 1 - newthinking communications has added a photo to the pool: [image: ApacheCon Europe 2019 – Day 1] Day one of #ACEU19 kicked-off with a Barcamp and a coupl...5 weeks ago
-
Crypto back doors are still a bad idea - In the always interesting Lawfare blog, former FBI counsel Jim Baker in a piece alled *Rethinking Encryption* reiterates his take on the encrpytion debat...1 month ago
-
-
GTID implementation - Oracle vs MariaDB - Oracle MySQL has implemented GTID differently from MariaDB; this article walks through some of the key differences. Before we look at the details, let’s ...1 year ago
-
ApacheCon Seville 2016 – Building a Container Solution on Top of Apache CloudStack- Steve Roles - Building a Container Solution on Top of Apache CloudStack- Steve Roles Cloud native applications running in containerised environments look set to create a...2 years ago
-
Nóirín Plunkett - https://www.flickr.com/photos/robertburrelldonkin/5729816462 smiles and socks retreating in co. wicklow now empty whiskey and secrets bar camping in ox...4 years ago
-
Hello world! - Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!4 years ago
-
Debugging MySQL Slow Queries With Many Joins - This week I encountered an issue that I hadn’t seen in a while. The ORM in a CMS project that I work on automatically joins to many subclass tables, causin...6 years ago
-
Boat For Sale - Boat For Sale: Price: £150 Terms and Conditions Oracle reserve the right to alter the web price of this acticle even after purchase. Price does n...12 years ago
I know nothing, I'm not a fortune teller, and you'd be insane to think that I am. This disclaimer was cribbed from an email footer I once received. It is so ridiculous I had to have it for myself.
Statements in this blog that are not purely historical are forward-looking statements including, without limitation, statements regarding my expectations, objectives, anticipations, plans, hopes, beliefs, intentions or strategies regarding the future. Factors that could cause actual results to differ materially from the forward looking statements include risks and uncertainties such as any unforeseen event or any unforeseen system failures, and other risks. It is important to note that actual outcomes could differ materially from those in such forward-looking statements.
Danny Angus Copyright © 2006-2013 (OMG that's seven years of this nonsense)
Comments:
Thanks so much for this insight, I was having a major headache getting apache serving content from my NAS and a quick shut down of SELinux at least told me it wasn't my apache conf or my symlinks!
blog comments powered by Disqus