{"id":12883,"date":"2013-04-10T08:30:31","date_gmt":"2013-04-09T23:30:31","guid":{"rendered":"http:\/\/www.sssg.org\/blogs\/hiro345\/?p=12883"},"modified":"2013-04-10T20:15:13","modified_gmt":"2013-04-10T11:15:13","slug":"owncloud%e3%81%8ccentos6-4%e3%81%aeselinux%e7%92%b0%e5%a2%83%e3%81%a7%e5%8b%95%e3%81%8b%e3%81%aa%e3%81%84%e3%81%a8%e3%81%8d%e3%81%af","status":"publish","type":"post","link":"https:\/\/www.hiro345.net\/blogs\/hiro345\/archives\/12883.html","title":{"rendered":"ownCloud\u304cCentOS6.4\u306eSELinux\u74b0\u5883\u3067\u52d5\u304b\u306a\u3044\u3068\u304d\u306f"},"content":{"rendered":"

ownCloud\u304cCentOS6.4\u306eSELinux\u74b0\u5883\u3067\u52d5\u304b\u306a\u3044\u3068\u304d\u306f\u4e0b\u8a18\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002
\n
\n\/var\/log\/audit\/audit.log \u3092\u78ba\u8a8d\u3059\u308b\u3068\u826f\u3044\u306e\u3067\u3059\u304c\u3001\u3082\u3057 config\u3001data\u3001apps \u3078\u306e\u66f8\u304d\u8fbc\u307f\u306b\u5931\u6557\u3057\u3066\u3044\u308b\u3088\u3046\u306a\u3089\u3001setsebool \u3067 httpd_builtin_scripting \u3092 1\u306b\u3057\u305f\u4e0a\u3067\u3001httpd_sys_rw_content_t \u306e\u5c5e\u6027\u3092\u3064\u3051\u308c\u3070\u89e3\u6c7a\u3059\u308b\u306f\u305a\u3067\u3059\u3002\u307e\u305f\u3001semanage \u3067 fcontext\u306e\u8ffd\u52a0\u3082\u3057\u3066\u304a\u304d\u307e\u3057\u3087\u3046\u3002<\/p>\n

\r\n#! \/bin\/sh\r\nOWNCLOUD_HOME=\/var\/www\/owncloud\r\nsetsebool -P httpd_builtin_scripting 1\r\nchcon -R -t httpd_sys_rw_content_t $OWNCLOUD_HOME\/config\r\nchcon -R -t httpd_sys_rw_content_t $OWNCLOUD_HOME\/data\r\nchcon -R -t httpd_sys_rw_content_t $OWNCLOUD_HOME\/apps\r\nsemanage fcontext -a -s system_u -t httpd_sys_rw_content_t $OWNCLOUD_HOME\/config\r\nsemanage fcontext -a -s system_u -t httpd_sys_rw_content_t $OWNCLOUD_HOME\/data\r\nsemanage fcontext -a -s system_u -t httpd_sys_rw_content_t $OWNCLOUD_HOME\/apps\r\n<\/pre>\n
\u3061\u306a\u307f\u306b\u3001\u624b\u5143\u3067\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u611f\u3058\u3067\u30a8\u30e9\u30fc\u304c\u3067\u305f\u306e\u3067\u3001\u5bfe\u5fdc\u3092\u3057\u307e\u3057\u305f\u3002<\/p>\n
\r\n# cat \/var\/log\/audit\/audit.log|grep -v success|grep write|tail -1\r\ntype=AVC msg=audit(1365429259.026:5): avc:  denied  { write } for  pid=1682 comm="httpd" name="config.php" dev=dm-0 ino=1581646 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file\r\n<\/pre>\n
\u52d5\u4f5c\u3057\u306a\u3044\u6642\u306f\u3001\u4e0b\u8a18\u306e\u3088\u3046\u306b\u3057\u3066\u3001SELinux \u3092 Permissive \u30e2\u30fc\u30c9\u306b\u3057\u3066\u3001\u52d5\u304f\u304b\u3069\u3046\u304b\u78ba\u8a8d\u3057\u307e\u3059\u3002SELinux\u3068\u306f\u95a2\u4fc2\u306a\u3044\u3068\u3053\u308d\u3067\u30a8\u30e9\u30fc\u306b\u306a\u3063\u3066\u3044\u308b\u3053\u3068\u3082\u3042\u308b\u304b\u3089\u3067\u3059\u3002Permissive \u30e2\u30fc\u30c9\u306b\u3057\u305f\u3060\u3051\u3067\u52d5\u304f\u306a\u3089 SELinux \u306e\u554f\u984c\u3002<\/p>\n
\r\n# setenforce 0\r\n<\/pre>\n
\u554f\u984c\u3092\u89e3\u6c7a\u3057\u3066\u304b\u3089\u4e0b\u8a18\u306e\u3088\u3046\u306b enforcing \u30e2\u30fc\u30c9\u3078\u623b\u3057\u307e\u3059\u3002<\/p>\n
\r\n# setenforce 1\r\n<\/pre>\n
\uff0a fcontext \u306e\u8ffd\u52a0\u306b\u3064\u3044\u3066\u6f0f\u308c\u3066\u3044\u305f\u306e\u3067\u4fee\u6b63\u3057\u307e\u3057\u305f\u3002(2013\/04\/10 20:15)<\/p>\n","protected":false},"excerpt":{"rendered":"
ownCloud\u304cCentOS6.4\u306eSELinux\u74b0\u5883\u3067\u52d5\u304b\u306a\u3044\u3068\u304d\u306f\u4e0b\u8a18\u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[1209,531,128],"class_list":["post-12883","post","type-post","status-publish","format-standard","hentry","category-linux","tag-linux","tag-owncloud","tag-selinux"],"_links":{"self":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/12883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/comments?post=12883"}],"version-history":[{"count":5,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/12883\/revisions"}],"predecessor-version":[{"id":12908,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/posts\/12883\/revisions\/12908"}],"wp:attachment":[{"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/media?parent=12883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/categories?post=12883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hiro345.net\/blogs\/hiro345\/wp-json\/wp\/v2\/tags?post=12883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}