From 658cf7d47ef7d539d0df4ae5f2ce2d367957a6e7 Mon Sep 17 00:00:00 2001
From: Dan Scott
Date: Fri, 28 Dec 2012 23:14:30 -0500
Subject: [PATCH] Add Fedora SELinux tweaks for Apache

Pulled from http://goo.gl/mP00f into this script for convenience.

Signed-off-by: Dan Scott
---
Open-ILS/examples/apache/selinux | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100755 Open-ILS/examples/apache/selinux

diff --git a/Open-ILS/examples/apache/selinux b/Open-ILS/examples/apache/selinux
new file mode 100755
index 0000000000..16d5ed1ffc
--- /dev/null
+++ b/Open-ILS/examples/apache/selinux
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+setsebool httpd_can_network_connect on
+
+# Mark web content as, well, web content
+chcon -R --type=httpd_sys_content_t /openils/lib/javascript
+chcon -R --type=httpd_sys_content_t /openils/var/web
+chcon -R --type=httpd_sys_content_t /openils/var/templates*
+chcon -R --type=httpd_sys_content_t /openils/var/data
+chcon -R --type=httpd_sys_content_t /openils/var/xsl
+chcon --type=httpd_sys_content_t /openils/conf/opensrf_core.xml
+chcon --type=httpd_sys_content_t /openils/conf/fm_IDL.xml
+
+# Mark the custom Apache modules
+chcon --user=system_u --type=httpd_modules_t /usr/lib64/httpd/modules/mod_xmlent.so
+chcon --user=system_u --type=httpd_modules_t /usr/lib64/httpd/modules/osrf_*
+
+# Mark the dynamic libraries we need to load
+# "-h" changes the context of symlinks as well as files
+chcon -h --type=lib_t /openils/lib/*
+
+# Mark executable scripts
+chcon -t httpd_sys_script_exec_t /openils/bin/openurl_map.pl
+chcon -t httpd_sys_script_exec_t /openils/bin/offline-blocked-list.pl
+
+# Might not have been necessary
+chcon -R --user=system_u /usr/local/share/perl5/
+chcon --user=system_u /etc/httpd/conf.d/eg.conf
+chcon --user=system_u /etc/httpd/startup.pl
+chcon --user=system_u /etc/httpd/eg_vhost.conf
+chcon -R --user=system_u /etc/httpd/ssl/
-- 
2.11.0
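Review bot: Nothing this script sets is persistent. The `setsebool` line lacks `-P`, so the boolean resets at reboot, and every `chcon` label is reverted by the next `restorecon` run or filesystem relabel. At that point Apache starts hitting AVC denials, and the common reaction is to switch SELinux to permissive rather than reapply the labels. Use `setsebool -P httpd_can_network_connect on`, and record each context in policy with the pattern `semanage fcontext -a -t httpd_sys_content_t '/openils/var/web(/.*)?'` followed by `restorecon -R /openils/var/web`. `httpd_can_network_connect` lets httpd open outbound connections to any port, so it deserves a comment such as `# needed so the Apache modules can reach the OpenSRF router (confirm)`. The script also has no error handling, so a missing path or an unmatched glob like `/openils/var/templates*` fails on one line while the rest still run; `set -e` or a per-path existence check would make a partial labelling visible.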