Loading...
 
Skip to main content

History: RecipeSELinux

Preview of version: 14

This page documents how to get tiki working on Fedora Core 3 with SELinux enabled.

Background and Introduction


SELinux (Security-Enhanced Linux) is a set of modifications to the Linux kernel and several additional packages that provide extra security to a Linux system beyond the normal protections built into Linux/Unix.

SELinux is installed by default with Fedora Core 3. The default mode, or Policy Type, for SELinux is "Targeted". Targeted operation allows most activities to proceed normally, but can audit the operation of specific servers, including apache httpd, for the purposes of detecting and preventing possible security breaches.

Fedora Core 3 SELinux FAQ is a FAQ dealing with SELinux under Fedora Core 3. It contains links to the primary information sources regarding SELinux. Fedora Core 3 Apache HTTP SELinux Policy details understanding and customizing the SELinux policy for Apache httpd.

The gui for controlling SELinux is available from the Applications->System Settings->Security Level menu selection. Or by the command line: [root ~]# system-config-securitylevel

Image

Under the default installation for Fedora Core 3, SELinux prevents Apache httpd from running Tiki. To allow tiki to run you must edit the SELinux policy file, contained in /etc for Apache httpd. The files are:
/etc/selinux/targeted/src/policy/types/apache.te
/etc/selinux/targeted/src/policy/macros/program/apache_macros.te
/etc/selinux/targeted/src/policy/file_contexts/program/apache.fc
/etc/selinux/targeted/src/policy/domains/program/apache.te

This document details one strategy for modifing the SELinux policy to allow apache to run tikiwiki.

Requsites


This document assumes you are running Fedora Core 3 and have root access.

You must have the following rpm's installed:
httpd
system-config-httpd
httpd-suexec
httpd-manual
selinux-policy-targeted
libselinux
libselinux-devel
selinux-policy-strict
selinux-policy-targeted-sources

Check for rpmnew config files that may have been left by yum update:
cd etc/
find . -name "*.rpmnew" -print
You have to merge them into you changed config files or replace the outdated config files, e.g.:
root@grant targeted# cd /etc/selinux/targeted/policy/
root@grant policy# mv policy.18.rpmnew policy.18
root@grant policy# cd /etc/selinux/targeted/contexts/files/
root@grant files# mv file_contexts.rpmnew file_contexts

Check for the latest versions of the packages we'll be using, e.g.:
yum -y update

History

Information Version
thraxisp added policy commands 15
View
george.geller 14
View
george.geller 13
View
george.geller 12
View
george.geller 11
View
george.geller 10
View
george.geller 9
View
george.geller 8
View
george.geller 7
View
george.geller 6
View
george.geller 5
View
george.geller 4
View
george.geller 3
View
george.geller 2
View
george.geller 1
View