This learning activity will allow the student to practice troubleshooting and resolving SELinux filesystem context issues. Being able to discover and resolve SELinux context issues is a key concept when working with SELinux. At the end of this activity, the student will understand how to view and apply new security contexts to files and directories.
Successfully complete this lab by achieving the following learning objectives:
- Check the Directory and Index File Security Context
Compare the SELinux security context of /var/www/html with that of the /var/www/html/web-api directory to determine whether the context of the new directory and its contents needs to be adjusted. The context of html can be queried with the command:
ls -Z /var/www
The output shows the context, which should read something like:
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 html
Then view the context of the web-api directory with:
ls -Z /var/www/html
This context will look different, something like:
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 web-api
Note that the ‘html’ directory carries a type, httpd_sys_content_t, that is specific to content accessed by the httpd service itself, while web-api carries admin_home_t.
- Restore the Appropriate Security Context to the API Directory
Now that you know the security context of web-api is not appropriate for httpd, you can fix it without setting a context by hand: because the directory sits inside the httpd content directory, restoring the default context of the files and directories under /var/www/html is enough. Execute the following command from within the /var/www/html directory, either as root or using ‘sudo’:
restorecon -R web-api
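
The comparison from the first objective can also be scripted. The following is an added example, not part of the original lab: a shell function that reads `ls -Z` output and lists every entry whose SELinux type differs from the expected one. The function name `find_mislabeled` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab): flag entries in `ls -Z` output whose
# SELinux type is not the one expected for the web content tree.

# find_mislabeled EXPECTED_TYPE
# Reads `ls -Z` lines on stdin and prints "name type" for each mismatch.
# The context is located as the first field with at least four
# colon-separated parts (user:role:type:level), so both the older long
# layout (mode owner group context name) and the newer short layout
# (context name) are handled. Lines with no context field are skipped.
# Limitation: names containing spaces are reported by their last word.
find_mislabeled() {
    awk -v want="$1" '
    {
        for (i = 1; i <= NF; i++) {
            if (split($i, ctx, ":") >= 4) {
                if (ctx[3] != want) print $NF, ctx[3]
                next
            }
        }
    }'
}

# Constructed sample listing: the web-api line matches the lab output,
# the other lines are made up to exercise both layouts.
SAMPLE_LS_Z='total 8
drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 web-api
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 index.html
unconfined_u:object_r:admin_home_t:s0 api.json
system_u:object_r:httpd_sys_content_t:s0 html'

# On a live host the input would come from the lab command instead:
#   ls -Z /var/www/html | find_mislabeled httpd_sys_content_t
printf '%s\n' "$SAMPLE_LS_Z" | find_mislabeled httpd_sys_content_t
```

Running the same pipeline again after `restorecon -R web-api` should print nothing, which confirms that the default type was restored.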