From a0a5ec8daf3888b3e317f002fdd0281299a64cf4 Mon Sep 17 00:00:00 2001 From: Henry Date: Sun, 18 Mar 2018 10:06:02 +0100 Subject: Selinux FAQ Command to run on SELinux system enabled --- docs/en/users/07_Frequently_Asked_Questions.md | 22 +++++++++++++++++++++- docs/fr/users/07_Frequently_Asked_Questions.md | 18 ++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/en/users/07_Frequently_Asked_Questions.md b/docs/en/users/07_Frequently_Asked_Questions.md index 132b2e7ec..08148ef98 100644 --- a/docs/en/users/07_Frequently_Asked_Questions.md +++ b/docs/en/users/07_Frequently_Asked_Questions.md @@ -43,4 +43,24 @@ Since [1.8.0](https://github.com/FreshRSS/FreshRSS/releases/tag/1.8.0) release, ```sh ./cli/update_user.php --user --password ``` -For more information on that matter, there is a [dedicated documentation](../../cli/README.md). \ No newline at end of file +For more information on that matter, there is a [dedicated documentation](../../cli/README.md). + +## Permissions under SELinux + +Some Linux distribution like Fedora or RedHat Enterprise Linux have SELinux system enabled. This acts like a firewall application, so all applications cannot write/modify files under certain conditions. While installing FreshRSS, step 2 can fail if the httpd process cannot write to the following directories : + + - FreshRSS/data + - FreshRSS/data/cache + - FreshRSS/data/favicons + - FreshRSS/data/users + +The following commands should be executed as root : + +```sh +semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/FreshRSS/data +semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/FreshRSS/data/cache' +semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/FreshRSS/data/users' +semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/FreshRSS/data/favicons' + +restorecon -Rv /usr/share/FreshRSS/data +``` \ No newline at end of file diff --git a/docs/fr/users/07_Frequently_Asked_Questions.md b/docs/fr/users/07_Frequently_Asked_Questions.md index f27c92579..b86d01e4f 100644 --- a/docs/fr/users/07_Frequently_Asked_Questions.md +++ b/docs/fr/users/07_Frequently_Asked_Questions.md @@ -44,3 +44,21 @@ Depuis la version [1.8.0](https://github.com/FreshRSS/FreshRSS/releases/tag/1.8. ./cli/update_user.php --user --password ``` Pour plus d'information à ce sujet, il existe la [documentation dédiée](../../cli/README.md). + +## Gérer les permissions sous SELinux + +Certaines distributions Linux comme Fedora ou RedHat Enterprise Linux (RHEL) activent par défaut le système SELinux. Celui-ci permet de gérer des permissions au niveau des processus. Lors de l'installation de FreshRSS, l'étape 2 procède à la vérification des droits sur certains répertoires: + + - FreshRSS/data + - FreshRSS/data/cache + - FreshRSS/data/favicons + - FreshRSS/data/users + +Il faut donc exécuter les commandes suivantes en tant que root : +```sh +semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/FreshRSS/data +semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/FreshRSS/data/cache' +semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/FreshRSS/data/users' +semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/FreshRSS/data/favicons' + +restorecon -Rv /usr/share/FreshRSS/data -- cgit v1.2.3