httpd is the Apache HyperText Transfer Protocol (HTTP) daemon, i.e. the server program. httpd_selinux is the Security-Enhanced Linux policy for the httpd daemon under Fedora, Red Hat, and CentOS Linux. It secures the httpd server via flexible mandatory access control. The SELinux httpd policy is very flexible, allowing users to set up their web services in as secure a method as possible.
SELinux and httpd contexts
The following file context types are defined for httpd:
- httpd_sys_content_t : Set files with httpd_sys_content_t for content which is available from all httpd scripts and the daemon.
- httpd_sys_script_exec_t : Set CGI scripts with httpd_sys_script_exec_t to allow them to run with access to all sys types.
- httpd_sys_script_ro_t : Set files with httpd_sys_script_ro_t if you want httpd_sys_script_exec_t scripts to read the data, and disallow other sys scripts from access.
- httpd_sys_script_rw_t : Set files with httpd_sys_script_rw_t if you want httpd_sys_script_exec_t scripts to read/write the data, and disallow other non sys scripts from access.
- httpd_sys_script_ra_t : Set files with httpd_sys_script_ra_t if you want httpd_sys_script_exec_t scripts to read/append to the file, and disallow other non sys scripts from access.
- httpd_unconfined_script_exec_t : Set CGI scripts with httpd_unconfined_script_exec_t to allow them to run without any SELinux protection. This should only be used for very complex httpd scripts, after exhausting all other options. It is better to label a script with this type than to turn off SELinux protection for httpd.
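As an added example (not part of the original page or of the SELinux policy itself), the shell function below audits a web tree's labels against the types listed above: it reports files whose type is not on the list, scripts labelled as static content, script-exec labels outside the CGI directory, and any use of the unconfined type. The /var/www paths, the `stat -c '%C %n'` input format, and the function and finding names are assumptions; the sample lines are constructed.

```shell
#!/bin/sh
# Added example: audit web-tree labels against the httpd file context types.
# Input on stdin: "<selinux context> <path>" per line, e.g. from
#   find /var/www -exec stat -c '%C %n' {} +
# Assumption: CGI scripts live under /var/www/cgi-bin/ (override with CGI_DIR).

CGI_DIR="${CGI_DIR:-/var/www/cgi-bin/}"
# Types from the list above; extend if your policy version uses other names.
KNOWN_TYPES="httpd_sys_content_t httpd_sys_script_exec_t httpd_sys_script_ro_t httpd_sys_script_rw_t httpd_sys_script_ra_t httpd_unconfined_script_exec_t"

audit_httpd_labels() {
    awk -v cgi="$CGI_DIR" -v known="$KNOWN_TYPES" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    NF >= 2 {
        # Context is user:role:type[:level]; the path is the rest of the line.
        split($1, c, ":"); t = c[3]
        path = substr($0, index($0, " ") + 1)
        in_cgi = (index(path, cgi) == 1)
        if (!(t in ok))
            finding = "FOREIGN_TYPE"        # not an httpd type from the list
        else if (t == "httpd_unconfined_script_exec_t")
            finding = "UNCONFINED_SCRIPT"   # runs without SELinux protection
        else if (t == "httpd_sys_script_exec_t" && !in_cgi)
            finding = "EXEC_OUTSIDE_CGI"    # script label in the content tree
        else if (t == "httpd_sys_content_t" && in_cgi)
            finding = "CONTENT_IN_CGI"      # script labelled as plain content
        else
            next
        printf "%s\t%s\t%s\n", finding, t, path
    }'
}

# Constructed sample input (not real output from any host).
sample_labels() {
    cat <<'EOF'
system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
unconfined_u:object_r:user_home_t:s0 /var/www/html/moved from home.html
system_u:object_r:httpd_sys_script_exec_t:s0 /var/www/cgi-bin/form.cgi
system_u:object_r:httpd_sys_content_t:s0 /var/www/cgi-bin/report.cgi
system_u:object_r:httpd_sys_script_exec_t:s0 /var/www/html/upload/run.cgi
system_u:object_r:httpd_unconfined_script_exec_t:s0 /var/www/cgi-bin/legacy.cgi
system_u:object_r:httpd_sys_script_rw_t:s0 /var/www/cgi-bin/data/state.db
EOF
}

sample_labels | audit_httpd_labels
```

Each output line is tab-separated: finding, SELinux type, path. Files that carry an expected type for their location produce no output.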
How do I configure httpd SELinux contexts?
setsebool -P httpd_enable_cgi 1
To verify or to view current settings use the getsebool command.
How do I start / stop / restart Apache server?
Use the service command as follows to start, stop, and restart the apache server:
service httpd start
service httpd stop
service httpd restart
cd /etc/httpd/conf/
vi httpd.conf