[Xapian-discuss] SELinux and search permissions

Marc Fromm Marc.Fromm at wwu.edu
Wed Nov 27 18:38:33 GMT 2013


The fix for me was to change the security context from "var_lib_t" to "httpd_sys_content_t" to allow Apache access to the templates and default directories.

semanage fcontext -a -t httpd_sys_content_t "/var/lib/omega/templates(/.*)?"
restorecon -R -v /var/lib/omega/templates

semanage fcontext -a -t httpd_sys_content_t  "/var/lib/omega/data/default(/.*)?"
restorecon -R -v /var/lib/omega/data/default


-----Original Message-----
From: Olly Betts [mailto:olly at survex.com] 
Sent: Monday, November 25, 2013 10:14 PM
To: Marc Fromm
Cc: xapian-discuss at lists.xapian.org
Subject: Re: [Xapian-discuss] SELinux and search permissions

On Thu, Nov 21, 2013 at 05:38:57PM +0000, Marc Fromm wrote:
> I am running xapian and omega on a CentOS 6.4 SELinux enabled box.
> 
> When I do a search I get the following message:
> Exception: Couldn't read format template `query' (Permission denied)
> 
> If I disable SELinux the search executes correctly.
> I have enabled the httpd_enable_cgi boolean but that still does not 
> allow the permissions needed.
> 
> What else do I need to configure in SELinux for xapian and omega to work?

The omega CGI program needs to be able to read its template files, which are probably being read from this directory:

/var/lib/omega/templates

If you run it under strace you can see the filenames it tries to open.

I don't know enough about SELinux to say exactly how you'd configure that to be allowed though.  If you work out the required runes, please add them to the wiki, or report back here.

Cheers,
    Olly
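
To see which SELinux type is being denied before and after a relabel like the one in this thread, the AVC denials in the audit log can be summarised per process name. This is an added example, not part of the original messages: the log lines are constructed samples, and the function names and the source domain shown (httpd_sys_script_t) are assumptions.

```shell
#!/bin/sh
# Constructed sample lines in audit.log AVC format (not taken from the thread).
# Assumption: the CGI runs in the httpd_sys_script_t domain; a real host may differ.
sample_avc_log() {
cat <<'EOF'
type=AVC msg=audit(1385055537.101:812): avc:  denied  { read } for  pid=2291 comm="omega" name="query" dev=dm-0 ino=394012 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1385055541.440:815): avc:  denied  { read } for  pid=2297 comm="omega" name="query" dev=dm-0 ino=394012 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1385055541.442:816): avc:  denied  { getattr } for  pid=2297 comm="omega" path="/var/lib/omega/templates/query" dev=dm-0 ino=394012 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1385055560.007:820): avc:  denied  { read } for  pid=2310 comm="sshd" name="motd" dev=dm-0 ino=1022 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1385055541.442:816): arch=c000003e syscall=4 success=no exit=-13 comm="omega"
EOF
}

# avc_summary COMM: read audit lines on stdin and print one line per distinct
# denial for that process name: <source type> <target type> <class> <perms> <object>
avc_summary() {
  awk -v want="$1" '
    # Return the value of a key=value token on the current line, quotes removed.
    function field(key,   i, v) {
      for (i = 1; i <= NF; i++)
        if (index($i, key "=") == 1) {
          v = substr($i, length(key) + 2); gsub(/"/, "", v); return v
        }
      return ""
    }
    # The SELinux type is the third colon-separated part of a context.
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }
    /^type=AVC/ && / denied / {
      if (field("comm") != want) next
      perms = $0
      sub(/^[^{]*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
      obj = field("name"); if (obj == "") obj = field("path")
      line = setype(field("scontext")) " " setype(field("tcontext"))
      line = line " " field("tclass") " " perms " " obj
      if (!(line in seen)) { seen[line] = 1; print line }
    }'
}

# On a real host: avc_summary omega < /var/log/audit/audit.log
sample_avc_log | avc_summary omega
```

A target type of var_lib_t in the second column is what the semanage/restorecon commands above change; after the relabel, new denials against that type for the same files should stop appearing.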



