Author: techfox9
selinux configuration notes..
Saturday, June 28th, 2008 @ 11:52 am
When attempting to access a resource protected by selinux, the
console will look something like this:
To see the SELinux context of a file (the type field, here httpd_sys_content_t or fusefs_t, is the part the targeted policy actually checks):
$ ls -aZ info.php
-rw-r--r-- root root system_u:object_r:httpd_sys_content_t:s0 info.php
$ ls -aZ wiki/index.php
-rwxr-xr-x root root system_u:object_r:fusefs_t:s0 wiki/index.php
To set the type to httpd_sys_content_t ("httpd content") recursively, in this example on the wiki directory:
$ chcon -R -t httpd_sys_content_t /var/www/html/wiki
$ ls -aZ wiki/index.php
-rwxr-xr-x root root system_u:object_r:httpd_sys_content_t:s0 wiki/index.php
Note that chcon only changes the label stored on disk; a relabel (restorecon -F, or a full relabel at boot) resets it to whatever the policy's file context rules say.
SELinux configuration lives in /etc/selinux/ (config sets the mode and policy type, targeted/ holds the policy itself):
$ ls /etc/selinux/
config  restorecond.conf  semanage.conf  targeted
To switch SELinux between permissive (0) and enforcing (1) at runtime:
$ /usr/sbin/setenforce [0|1]
setenforce 0 does not disable SELinux: denials are still logged, just not enforced, which is useful for finding out which label or boolean is missing. Disabling it entirely means setting SELINUX=disabled in /etc/selinux/config and rebooting (and re-enabling later requires a relabel). getenforce prints the current mode.
For PHP modules, the SELinux troubleshooting tool may show messages like these:

If you trust /usr/lib/php/modules/pgsql.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/usr/lib/php/modules/pgsql.so'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/usr/lib/php/modules/pgsql.so'"
The following command will allow this access: chcon -t textrel_shlib_t '/usr/lib/php/modules/pgsql.so'

If you want httpd to allow database connections you need to turn on the httpd_can_network_connect_db boolean: "setsebool -P httpd_can_network_connect_db=1"
The following command will allow this access: setsebool -P httpd_can_network_connect_db=1

Two things worth knowing before pasting those in: textrel_shlib_t tells the policy the library needs text relocations (writable-then-executable code pages), so it weakens the W^X protection for that file; a module built with -fPIC does not need it. The -P on setsebool writes the boolean into the policy store so it survives a reboot; without it the change is lost at the next boot.
To reset a file or tree to the context the policy (including any semanage fcontext rules) says it should have:
$ restorecon [-F] [-vv] [file|folder]
The '-F' option forces a full reset of the context, including the user and role fields rather than only the type; '-v'/'-vv' print the changes made.
'restorecon' (on Fedora release 8, Werewolf) is a link to 'setfiles'.
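The chcon, semanage fcontext and restorecon commands above fix one path at a time. The script below, added here as an illustration and not part of the original post, does the check in bulk: it reads ls -Z output for a web root, flags every file whose type httpd cannot serve, and prints the persistent fix (a semanage fcontext rule followed by restorecon) instead of a bare chcon. The listing is a constructed sample in the same format as the ls -aZ output above, so the script runs without SELinux present; the list of allowed types assumes the targeted policy's httpd content types, and the paths and the choice of httpd_sys_content_t as the target type are assumptions for the example.

```sh
#!/bin/sh
# Added example (not from the original post): audit a web root for files
# whose SELinux type httpd is not allowed to read, and emit a persistent fix.

# Constructed sample of `ls -Z` output for /var/www/html (not a real listing).
SAMPLE_LS_Z='-rw-r--r-- root root system_u:object_r:httpd_sys_content_t:s0 /var/www/html/info.php
-rwxr-xr-x root root system_u:object_r:fusefs_t:s0 /var/www/html/wiki/index.php
-rw-r--r-- apache apache system_u:object_r:httpd_sys_rw_content_t:s0 /var/www/html/wiki/LocalSettings.php
-rw-r--r-- root root unconfined_u:object_r:user_home_t:s0 /var/www/html/wiki/skins/common.css'

# Types the httpd_t domain may read or execute under the targeted policy
# (assumed set for this example; adjust to your policy version).
ALLOWED_TYPES='httpd_sys_content_t httpd_sys_rw_content_t httpd_sys_ra_content_t httpd_sys_script_exec_t'

# selinux_type CONTEXT -> the type field, e.g.
# "system_u:object_r:fusefs_t:s0" -> fusefs_t
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# is_allowed_type TYPE -> exit status 0 if TYPE is in ALLOWED_TYPES
is_allowed_type() {
    for t in $ALLOWED_TYPES; do
        [ "$t" = "$1" ] && return 0
    done
    return 1
}

# mislabelled_files: read ls -Z lines on stdin (mode user group context path),
# print "PATH TYPE" for each file whose type httpd cannot serve.
mislabelled_files() {
    while read -r _mode _user _group ctx path; do
        [ -z "$path" ] && continue
        ftype=$(selinux_type "$ctx")
        is_allowed_type "$ftype" || printf '%s %s\n' "$path" "$ftype"
    done
}

# count_mislabelled: number of mislabelled files in the constructed sample.
count_mislabelled() {
    printf '%s\n' "$SAMPLE_LS_Z" | mislabelled_files | wc -l | tr -d ' '
}

# fix_commands: the persistent remediation for each mislabelled file.
# chcon alone is undone by a relabel (restorecon -F, or a full relabel at
# boot); semanage fcontext records the rule, and restorecon applies it.
# Files the web application must write would need httpd_sys_rw_content_t
# instead; the example uses read-only content for every hit.
fix_commands() {
    printf '%s\n' "$SAMPLE_LS_Z" | mislabelled_files | while read -r path _ftype; do
        printf "semanage fcontext -a -t httpd_sys_content_t '%s'\n" "$path"
        printf "restorecon -v '%s'\n" "$path"
    done
}

# Report, then the commands to run as root.
printf '%s\n' "$SAMPLE_LS_Z" | mislabelled_files
fix_commands
```

On a real host replace the embedded sample with `ls -Z -R /var/www/html` output (or pipe it in directly); review the flagged types before applying the commands, since a file labelled user_home_t under the web root usually means it was copied in from a home directory and may not belong there at all.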