SELinux, Apache and Drupal

Submitted by roo on Wed, 01/03/2018 - 12:34

This wiki is a good intro to SELinux. It gives just about enough info to troubleshoot Apache/Drupal/SELinux.

A fuller understanding can be gained here: This starts with the basics - recommended!

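The SELinux policy for Apache is documented here:

Apache runs in the httpd_t domain. Files Apache requires access to need to be labelled with a type that this domain is allowed to use, such as httpd_sys_content_t (read-only) or httpd_sys_content_rw_t (read/write).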

To give the files the correct type (i.e., re-label the files), I ran:

#chcon -R -t httpd_sys_content_t /var/www/vhosts/
#chcon -R -t httpd_sys_content_rw_t /var/www/vhosts/

#chcon -R -t httpd_sys_content_t /var/www/vhosts/
#chcon -R -t httpd_sys_content_t /var/www/vhosts/
#chcon -R -t httpd_sys_content_t /var/www/vhosts/

This may be more permissive than ultimately desirable, but it seems better than setting SELinux to permissive.

This needs doing for all virtual hosts. A script will assist.

A policy also needs setting for these. The tool which I have dabbled with is system-config-selinux, which seems to be installed via dnf install policycoreutils-gui.
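A sketch of the per-vhost script mentioned above, added here as an example and not part of the original post. Labels set with chcon are not recorded in the policy, so a later restorecon or full relabel resets them; this version prints semanage fcontext rules plus a restorecon call instead. It assumes each directory under the base path is a Drupal root and that only sites/*/files must be writable by Apache; the function names plan_labels and fc_escape are made up for this example.

```shell
#!/bin/sh
# Added example: print persistent SELinux labelling commands for Drupal vhosts.
# Assumed layout (not from the original post): $base/<site>/ is a Drupal root
# and Apache only needs write access to sites/*/files.

# semanage fcontext paths are regular expressions, so escape metacharacters
# (for example the dots in "example.com") to match the directory literally.
fc_escape() {
    printf '%s' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g'
}

# Print the commands for every vhost under $1. Nothing is executed here.
plan_labels() {
    base=${1%/}
    # Read-only content type for the whole tree.
    printf "semanage fcontext -a -t httpd_sys_content_t '%s(/.*)?'\n" \
        "$(fc_escape "$base")"
    for site in "$base"/*/; do
        [ -d "$site" ] || continue
        for files in "${site}"sites/*/files; do
            [ -d "$files" ] || continue
            # Writable type only for the upload directories.
            printf "semanage fcontext -a -t httpd_sys_content_rw_t '%s(/.*)?'\n" \
                "$(fc_escape "$files")"
        done
    done
    # Apply the recorded rules to the files on disk.
    printf "restorecon -R -v '%s'\n" "$base"
}

# Usage: sh thisfile.sh /var/www/vhosts   (review the output, then run it as root)
if [ "$#" -eq 1 ]; then
    plan_labels "$1"
fi
```

Keeping httpd_sys_content_rw_t on the upload directories only means a compromised PHP process cannot rewrite Drupal's own code under the SELinux policy.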