I've been impressed yet frustrated with SELinux since setting this machine up, and have been slowly working through allowing all of the things that need to be allowed as they come up
The situation is as follow:
The user that Apache is on owns the folder it is trying to create a file in
The user that Apache is on has the folder that it is trying to create a file in, set as its home directory
The context of the folder is public_content_t - changed to this to allow FTP access which now works
SELinux is disallowing Apache to create the file, but never gives a reason for this. Instead it advises that I might wish to change the folders context back to its default (httpd_sys_content_t), and gives a command to do so
This is clearly not the solution to the problem, as stopping the folder being public content will stop FTP from working again, however SELinux hasn't actually told me what the problem is
In an effort to convince it to divulge the actual issue at hand, the reason why access was denied, I attempted to change the default context for the folder to public_content_t to match its current context, hence denying SELinux any reason to prompt the difference in contexts as a solution
However, SELinux gave no command for making this change, so I attempted to construct one myself based on past experience and previous SELinux troubleshooting messages, although Terminal took the command and executed it without issue, clearly the default contexts remained unchanged as SElinux persisted in showing me the same useless Troubleshooting message
I will state again that I have been very happy (though frustrated) with SELinux thus far, but I'm not impressed with this troubleshooting message, the fact that it assumes that its perfered solution is the only and best one is both wrong and arrogant, and the fact that it never gives the real reason is just stupid. This is staying very close to Microsuck's level of unhelpfulness
Does anyone know a way to get SELinux to tell me what the actual problem is, so that I can look for a solution that better suits my needs? Or failing that a command line that actually will set the default context of the folder so that I can take the first step to finding out myself?
While we're on the general subject what is SELinux for "Thats how I want it set up so shut up and sit in the corner"? Because it keeps complaining that I've used folders in too many policies or some crap that I frankly just don't care about
Linear Mode
