xardit · May 25, 2016 21:13
diff --git a/selinux_fix_files_for_web.txt b/selinux_fix_files_for_web.txt
 selinux stuff with security-contex

 #check if is enabled
 getenforce

 # disable
 setenforce 0

 #RESET recursive
 restorecon -Rv /site/logs
 setfacl -Rb /site

 # set security-contex copying from another file/dir
 chcon -R --reference=/var/www /site

 # set for WWW
 chcon -Rt httpd_sys_content_t /site/www

 # set for logs
 chcon -Rt httpd_log_t /site/logs

 # set for ssl
 chcon -Rt httpd_config_t /site/ssl

 # set for conf
 chcon -Rt httpd_config_t /etc/nginx/conf*



 # CONTEXTS
 # www: httpd_sys_content_t
 # logs: httpd_log_t
 # conf: httpd_config_t
 # etc conf: etc_t
 # tmp: httpd_sys_content_rw_t

 # get boolean values
 getsebool -a

 # set network
 setsebool -P httpd_can_network_connect on
	selinux stuff with security-contex

	#check if is enabled
	getenforce

	# disable
	setenforce 0

	#RESET recursive
	restorecon -Rv /site/logs
	setfacl -Rb /site

	# set security-contex copying from another file/dir
	chcon -R --reference=/var/www /site

	# set for WWW
	chcon -Rt httpd_sys_content_t /site/www

	# set for logs
	chcon -Rt httpd_log_t /site/logs

	# set for ssl
	chcon -Rt httpd_config_t /site/ssl

	# set for conf
	chcon -Rt httpd_config_t /etc/nginx/conf*



	# CONTEXTS
	# www: httpd_sys_content_t
	# logs: httpd_log_t
	# conf: httpd_config_t
	# etc conf: etc_t
	# tmp: httpd_sys_content_rw_t

	# get boolean values
	getsebool -a

	# set network
	setsebool -P httpd_can_network_connect on