I'm using this on my prod system:
/usr/share/nginx/html/wordpress/.*\.php                      all files  system_u:object_r:httpd_sys_script_exec_t:s0
/usr/share/nginx/html/wordpress/wp-content                   all files  system_u:object_r:httpd_sys_rw_content_t:s0
/usr/share/nginx/html/wordpress/wp-content/plugins(/.*)?     all files  system_u:object_r:httpd_sys_rw_content_t:s0
/usr/share/nginx/html/wordpress/wp-content/themes(/.*)?      all files  system_u:object_r:httpd_sys_rw_content_t:s0
/usr/share/nginx/html/wordpress/wp-content/upgrade(/.*)?     all files  system_u:object_r:httpd_sys_rw_content_t:s0
/usr/share/nginx/html/wordpress/wp-content/uploads(/.*)?     all files  system_u:object_r:httpd_sys_rw_content_t:s0
/usr/share/nginx/html/wordpress/wp-content/wflogs(/.*)?      all files  system_u:object_r:httpd_sys_rw_content_t:s0
/usr/share/nginx/html/wordpress/wp-includes/.*\.php          all files  system_u:object_r:httpd_sys_script_exec_t:s0
Adapt your paths and add your definitions as follows:
semanage fcontext -a -t httpd_sys_script_exec_t '/usr/share/nginx/html/wordpress/.*\.php'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/wordpress/wp-content/plugins(/.*)?'
... yada yada
Then apply your changes by doing
restorecon -RFv '/usr/share/nginx/html/'
Check if your context is set properly
ls -laZ /usr/share/nginx/html/wordpress
On 8/31/20 7:01 AM, Roland Müller wrote:
Yes, I think so. The most important piece in SELinux setup is the type, which is 'httpd_sys_rw_content_t', which steers the context transitions.
On Sun, 30 Aug 2020 at 18:35, Jason Long <hack3rcon(a)yahoo.com> wrote:
Hello,
Is my WordPress directory protected by SELinux?
$ ls -lZ /var/www/wordpress/
total 484
drwxrwxr-x. 2 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0   6 Oct 30 2019 cgi-bin
-rwxrwxr-x. 1 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0  53 Oct 21 2019 googlee4e6cdb3b56c49dd.html
-rwxrwxr-x. 1 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 405 Apr 3 22:42 index.php
Thank you.
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
<mailto:selinux@lists.fedoraproject.org>
To unsubscribe send an email to
selinux-leave(a)lists.fedoraproject.org
<mailto:selinux-leave@lists.fedoraproject.org>
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject...
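
A check of the listing from the question against the type the first reply assigns to `.php` files (`httpd_sys_script_exec_t`). This is an added example, not part of the thread; the function names `sample_listing` and `audit_php_labels` are hypothetical, and it assumes `ls -lZ` long format with the SELinux context in the fifth column.

```shell
#!/bin/sh
# Added example: audit `ls -lZ` output against an expected SELinux type
# for PHP files. Function names are hypothetical, not from the thread.

# Constructed sample: the listing from the question, wrapped lines re-joined.
sample_listing() {
cat <<'EOF'
total 484
drwxrwxr-x. 2 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0   6 Oct 30  2019 cgi-bin
-rwxrwxr-x. 1 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0  53 Oct 21  2019 googlee4e6cdb3b56c49dd.html
-rwxrwxr-x. 1 apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 405 Apr  3 22:42 index.php
EOF
}

# audit_php_labels EXPECTED_TYPE   (reads `ls -lZ` output on stdin)
# Prints "OK <type> <name>" or "MISMATCH <type> <name>" for each .php file.
# Exit status is 1 if any .php file carries a type other than EXPECTED_TYPE.
audit_php_labels() {
    awk -v want="$1" '
        # Skip "total N" and any line without user:role:type:level in field 5.
        NF < 10 || $5 !~ /^[^:]+:[^:]+:[^:]+:/ { next }
        {
            # The type is the third colon-separated part; the level that
            # follows may itself contain colons (e.g. s0:c0.c1023).
            split($5, ctx, ":")
            # The file name starts at field 10; rebuild names with spaces.
            name = $10
            for (i = 11; i <= NF; i++) name = name " " $i
            # Only the .php rule from the first reply is checked here.
            if (name !~ /\.php$/) next
            if (ctx[3] == want) {
                print "OK", ctx[3], name
            } else {
                print "MISMATCH", ctx[3], name
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Run against the embedded sample; on a live host, pipe in
#   ls -lZ /var/www/wordpress/
sample_listing | audit_php_labels httpd_sys_script_exec_t || true
```

The function only compares labels that are already on disk; it does not consult the loaded policy or the `semanage fcontext` rules.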