我有一个SELinux的问题!
我已经在Red Hat Enterprise 6上安装了带有AD组控制和SSL Cert的git。 一切工作正常,如果我做setenforce 0 (设置SELinux只在检测模式),或者如果我做semanage permissive -a httpd_t (设置httpd_t检测只模式)
我不想在我的git生产服务器上使用这个。
有没有人可以帮助我们与SELinux?
以下是您可能需要帮助我的一些信息:
我可以得到的所有帮助将会是:
这是ls -lZa / preproduction / git / repositories /
ls -lZa /preproduction/git/repositories/ drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 . drwxr-xr-x. apache apache unconfined_u:object_r:file_t:s0 .. drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 playground drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 shamrock.git drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 test 这里是getsebool -a | grep -i httpd的输出
getsebool -a |grep -i httpd allow_httpd_anon_write --> off allow_httpd_mod_auth_ntlm_winbind --> off allow_httpd_mod_auth_pam --> off allow_httpd_sys_script_anon_write --> off httpd_builtin_scripting --> on httpd_can_check_spam --> off httpd_can_network_connect --> off httpd_can_network_connect_cobbler --> off httpd_can_network_connect_db --> off httpd_can_network_memcache --> off httpd_can_network_relay --> off httpd_can_sendmail --> off httpd_dbus_avahi --> on httpd_enable_cgi --> on httpd_enable_ftp_server --> off httpd_enable_homedirs --> off httpd_execmem --> off httpd_read_user_content --> off httpd_setrlimit --> off httpd_ssi_exec --> off httpd_tmp_exec --> off httpd_tty_comm --> on httpd_unified --> on httpd_use_cifs --> off httpd_use_gpg --> off httpd_use_nfs --> off
这是sestatus的状态
sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted
使用audit2allow来parsingaudit.log并生成正确的规则。 也有可能是强制重新贴上git仓库。
在这里你会发现你的问题很好的文档: http : //wiki.centos.org/HowTos/SELinux