Finally got a chance to setup a webserver with selinux enabled. The most important thing is to set security context where the files located to be in httpd security context using ‘chcon’ command.
Here’s some example:
# chcon -v --type=httpd_sys_content_t /html
context of /html changed to user_u:object_r:httpd_sys_content_t
# chcon -v --type=httpd_sys_content_t /html/index.html
context of /html/index.html changed to user_u:object_r:httpd_sys_content_t
# ls -Z /html/index.html
-rw-r--r-- root root user_u:object_r:httpd_sys_content_t /html/index.html
# ls -Z | grep html
drwxr-xr-x root root user_u:object_r:httpd_sys_content_t html
SELinux also by default denied httpd process to send an email. You can override this by using ‘setsebool’ command. Here’s some example using getsebool and setsebool.
# getsebool -a | grep httpd_can_sendmail
httpd_can_sendmail --> off
# setsebool -P httpd_can_sendmail on
# getsebool -a | grep httpd_can_sendmail
httpd_can_sendmail --> on
That’s it.
Thank you
Budiwijaya