Usr/sbin/setsebool P 1

/ Comments off

Usr/sbin/setsebool P 1 4,2/5 3461 votes

The zabbix processes execute with the zabbixt SELinux type.

  1. Httpd_can_network_connect Apache
Selinux

/usr/sbin/setsebool httpdcannetworkconnect 1 If that works, you can set it so that the default policy is changed and this setting will persist across reboots: /usr/sbin/setsebool -P httpdcannetworkconnect 1 Hope this saves others some time! Sudo /usr/sbin/setsebool -P ftphomedir 1. Long(er) story. I ran into “interesting” problem on CentOS while trying to setup VsFTP with FTPS. I was using FileZilla to connect to the server. The VsFTPd version that comes with my CentOS version seems to be rather old, 2.2.2. The setup however was smooth. But then the problems started. Vsftpd installation on CentOS 7 / RedHat 7 with selinux. Vsftpd (Very Secure File Transfer Protocol Daemon) is lightweight, fast and default FTP server daemon for rpm-based Linux distributions (CentOS/RHEL/Fedora). We will install vsftpd on CentOS7 with selinux enabled in Enforcing mode. Install vsftpd server.

Httpd_can_network_connect Apache

SELinux policy is customizable based on least access required. If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of publiccontentt and publiccontentrwt. These context allow any of the above domains to read the content. If you want a particular domain to write to the publiccontentrwt domain, you must set the appropriate boolean.Allow httpd servers to read the /var/httpd directory by adding the publiccontentt file type to the directory and by restoring the file type.semanage fcontext -a -t publiccontentt '/var/httpd(/.)?' Restorecon -F -R -v /var/httpd Allow httpd servers to read and write /var/tmp/incoming by adding the publiccontentrwt type to the directory and by restoring the file type. This also requires the allowhttpdanonwrite boolean to be set.semanage fcontext -a -t publiccontentrwt '/var/httpd/incoming(/.)?' Restorecon -F -R -v /var/httpd/incomingIf you want to allow apache scripts to write to public content, directories/files must be labeled publicrwcontentt., you must turn on the allowhttpdsysscriptanonwrite boolean.setsebool -P allowhttpdsysscriptanonwrite 1If you want to allow Apache to modify public files used for public file transfer services, directories/files must be labeled publiccontentrwt., you must turn on the allowhttpdanonwrite boolean.setsebool -P allowhttpdanonwrite 1FILE CONTEXTS.