Q. How do I configure CentOS Linux SELinux security to permit httpd 2.2 (Apache web server) to serve the contents of a loopback mounted ISO images located at /var/www/html/lan/iso directory?
A. You need to use the context= option with mount command, which is useful when mounting filesystems that do not support extended attributes, such as a floppy or hard disk formatted with VFAT, or systems that are not normally running under SELinux, such as an ext3 formatted disk from a non-SELinux workstation. You can also use context= on filesystems you do not trust, such as a floppy. It also helps in compatibility with xattr supporting filesystems on earlier 2.4.
Here is the command you need to use with your system:
# mount -o loop,context=system_u:object_r:httpd_sys_content_t /path/to/image.iso /var/www/html/lan/iso
Above will give Apache policy a security context of system_u:object_r:httpd_sys_content_t. Refer selinux policy help pages for further information.Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?