Maybe not as specific as it should be, but:
chcon -Rv --type=httpd_sys_content_t /var/www/ semanage fcontext -a -t httpd_sys_rw_content_t "/var/www(/.*)?" semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/codereview.iacc.dis.gov(/.*)?" semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/codereview.iacc.dis.gov/data/(/.*)?" semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/codereview.iacc.dis.gov/htdocs/media/ext(/.*)?" semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/codereview.iacc.dis.gov/htdocs/static/ext(/.*)?" restorecon -R -v /var/www/ On Tuesday, June 25, 2013 at 11:27:06 AM UTC-5, Stephen Gallagher wrote: > > On 06/25/2013 12:24 PM, Matthew Woehlke wrote: > > On 2013-06-25 07:48, Stephen Gallagher wrote: > >> Yeah, my TODO list includes working up some SELinux rules for > >> ReviewBoard and getting rb-site to be capable of setting them up during > >> installation. It's a pretty big task and low on my priority list right > >> now, unfortunately. > > > > Heh. I'm running with SELinux enabled. I can probably dig up the > > relevant *compiled* rules if those are of any use. I think I deleted the > > 'source' files for them, however. (Yeah, bad decision in retrospect, but > > haven't gotten around to trying to recreate them.) > > > > I don't think there are actually very many (maybe four, but at least one > > is git specific; probably need additional rules for other VCS's). > > > > If you can figure out what they are, it would be a great start for me. > > I don't necessarily just need exception rules, though. We may want to > introduce new SELinux types for rules so we keep things constrained. > (Though since basically everything runs inside apache/mod_wsgi, we're > probably going to end up mostly using apache rules). > -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "reviewboard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
