May 072015
These pesky SeLinux commands that are just impossible to remember
We need some tools
yum install policycoreutils-python -y
Non-default location for homedirs
# say user dyzio comes from AD/LDAP and lives under /users/d/dyzio mkdir -p /users/{a..z} # precreate home_root_t chcon -t home_root_t /users semanage fcontext -a -t home_root_t "/users(/.*)?" restorecon -R -v /users # if you need to autocreate home dirs you'll need yum install -y oddjob-mkhomedir # and for AD users "usepasswd=True" in this file vim /etc/selinux/semanage.conf # this will check user entry in ldap and set correct security context "user_home_t" on user home
Samba
semanage fcontext -a -t samba_share_t "/srv/shared(/.*)?" restorecon -R -v /srv/shared
Apache
setsebool -P httpd_can_sendmail on
Assign the appropriate Selinux security context to our custom web app directories. This grants Apache permissions to access them.
chcon -Rv --type=httpd_sys_content_t /webapps/apps/app1/public_html chcon -Rv --type=httpd_sys_content_t /webapps/logs/app1/