我不想禁用Selinux,但是我遇到了问题。 我正在使用FFMPEG(位于/ var / www / tester / ffmpeg并由apache拥有)
[root@betaX tester]# ls -Z /var/www/html/tester/ffmpeg/ -rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 ffmpeg -rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 ffmpeg-10bit -rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 ffprobe -rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 ffserver drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 manpages drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 model -rwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 qt-faststart 但每次我尝试运行ffmpeg
{ffmpeg-cmd} -i {input} -vcodec libx264 -s {ffmpeg-vsize} -threads 16 -movflags faststart {output}.mp4
我正在获得权限被拒绝的错误。
[root@betaX tester]# tail -f /var/log/httpd/error_log sh: /var/www/html/tester/ffmpeg/ffmpeg: Permission denied
我只想为Apache禁用Selinux,因为它会花费我很多时间,有什么方法可以在Centos 7.x上做到这一点? 我在Fedora中find了一个解决scheme,但是我没有任何名为/etc/selinux/targeted/booleans文件夹或文件。
任何线索或build议?
当前的设置
[root@betaX tester]# /usr/sbin/getsebool -a | grep httpd httpd_anon_write --> off httpd_builtin_scripting --> on httpd_can_check_spam --> off httpd_can_connect_ftp --> off httpd_can_connect_ldap --> off httpd_can_connect_mythtv --> off httpd_can_connect_zabbix --> off httpd_can_network_connect --> off httpd_can_network_connect_cobbler --> off httpd_can_network_connect_db --> off httpd_can_network_memcache --> off httpd_can_network_relay --> off httpd_can_sendmail --> off httpd_dbus_avahi --> off httpd_dbus_sssd --> off httpd_dontaudit_search_dirs --> off httpd_enable_cgi --> off httpd_enable_ftp_server --> off httpd_enable_homedirs --> off httpd_execmem --> on httpd_graceful_shutdown --> on httpd_manage_ipa --> off httpd_mod_auth_ntlm_winbind --> off httpd_mod_auth_pam --> off httpd_read_user_content --> off httpd_run_ipa --> off httpd_run_preupgrade --> off httpd_run_stickshift --> off httpd_serve_cobbler_files --> off httpd_setrlimit --> off httpd_ssi_exec --> on httpd_sys_script_anon_write --> off httpd_tmp_exec --> off httpd_tty_comm --> off httpd_unified --> off httpd_use_cifs --> off httpd_use_fusefs --> off httpd_use_gpg --> off httpd_use_nfs --> off httpd_use_openstack --> off httpd_use_sasl --> off httpd_verify_dns --> off
重新标记为http_sys_script_exec_t (请参阅semanage fcontext和restorecon)。
要只是禁用SELinux的Apache:
semanage permissive -a httpd_t