红帽全球峰会此内容没有您所选择的语言版本。
2.4. Configuration examples
The following examples provide real-world demonstrations of how SELinux complements the Apache HTTP Server and how full function of the Apache HTTP Server can be maintained.
2.4.1. Running a static site
复制链接链接已复制到粘贴板!
To create a static website, label the
.html files for that website with the httpd_sys_content_t type. By default, the Apache HTTP Server cannot write to files that are labeled with the httpd_sys_content_t type. The following example creates a new directory to store files for a read-only website:
- Run the
mkdir /mywebsitecommand as the root user to create a top-level directory. - As the root user, create a
/mywebsite/index.htmlfile. Copy and paste the following content into/mywebsite/index.html:<html> <h2>index.html from /mywebsite/</h2> </html>
<html> <h2>index.html from /mywebsite/</h2> </html>Copy to Clipboard Copied! Toggle word wrap Toggle overflow - To allow the Apache HTTP Server read only access to
/mywebsite/, as well as files and subdirectories under it, label/mywebsite/with thehttpd_sys_content_ttype. Run the following command as the root user to add the label change to file-context configuration:semanage fcontext -a -t httpd_sys_content_t "/mywebsite(/.*)?"
~]# semanage fcontext -a -t httpd_sys_content_t "/mywebsite(/.*)?"Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Run the
restorecon -R -v /mywebsitecommand as the root user to make the label changes:restorecon -R -v /mywebsite
~]# restorecon -R -v /mywebsite restorecon reset /mywebsite context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0 restorecon reset /mywebsite/index.html context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0Copy to Clipboard Copied! Toggle word wrap Toggle overflow - For this example, edit
/etc/httpd/conf/httpd.confas the root user. Comment out the existingDocumentRootoption. Add aDocumentRoot "/mywebsite"option. After editing, these options should look as follows:#DocumentRoot "/var/www/html" DocumentRoot "/mywebsite"
#DocumentRoot "/var/www/html" DocumentRoot "/mywebsite"Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Run the
service httpd statuscommand as the root user to see the status of the Apache HTTP Server. If the server is stopped, run theservice httpd startcommand as the root user to start it. If the server is running, run theservice httpd restartcommand as the root user to restart the service (this also applies any changes made tohttpd.conf). - Use a web browser to navigate to
http://localhost/index.html. The following is displayed:index.html from /mywebsite/
index.html from /mywebsite/Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}