selinux problems/soulutions

Community Support for Booked Scheduler
Post Reply
herby1620
Posts: 14
Joined: Tue Jul 28, 2020 9:32 pm

selinux problems/soulutions

Post by herby1620 »

Some notes when using selinux:

1) You need to allow writing for the files under booked. While this can be done with individual directories, it is easier to just do the whole 'booked' tree. I used the command:
chcon -R -t httpd_sys_rw_content_t .../booked
where the last argument is where you have installed booked.

2) To connect to the database php (and thus httpd) needs to be able to do outward network connections to the database port (3306). The command for this is:
setsebool -P httpd_can_network_connect_db 1

3) While I haven't used it, if you do LDAP authentication, you might need to:
setsebool -P httpd_can_connect_ldap 1

I hope this will help someone. I'm using Centos 8.3 right now if that makes a difference.

The alternative is to turn off selinux, but some might want to keep it on. Your choice. See the file /etc/selinux/config.

herby1620
Posts: 14
Joined: Tue Jul 28, 2020 9:32 pm

Re: selinux problems/soulutions

Post by herby1620 »

More muddling around with SELINUX

The fine grain permissions to allow write are:

(I'm assuming you are at the top level of the 'booked' directory)
chcon -R -t httpd_sys_rw_content_t Web/img
chcon -R -t httpd_sys_rw_content_t Web/uploads
chcon -R -t httpd_sys_rw_content_t tpl_c
chcon -R -t httpd_sys_rw_content_t uploads
chcon -R -t httpd_sys_rw_content_t config

These directories are the only ones you need write access to. If all of a sudden things just "don't work", and you ARE running SELINUX, they may have changed. Sometimes puppet will do things behind your back and much things up, but these commands ought to make the program function. You also need to make sure that these directories/files have write permission. These (from what I've gleaned) are the only directories that are written to (outside of the database) in booked. Feel free to comment further if you have problems/solutions.

Post Reply