SELinux Apache Allow To Serve The Contents Of a Loopback Mounted ISO Image

Q. How do I configure CentOS Linux SELinux security to permit httpd 2.2 (Apache web server) to serve the contents of a loopback mounted ISO images located at /var/www/html/lan/iso directory?

A. You need to use the context= option with mount command, which is useful when mounting filesystems that do not support extended attributes, such as a floppy or hard disk formatted with VFAT, or systems that are not normally running under SELinux, such as an ext3 formatted disk from a non-SELinux workstation. You can also use context= on filesystems you do not trust, such as a floppy. It also helps in compatibility with xattr supporting filesystems on earlier 2.4. kernel versions. Even where xattrs are supported, you can save time not having to label every file by assigning the entire disk one security context. A commonly used option for removable media is context=system_u:object_r:removable_t.

ADVERTISEMENTS

Here is the command you need to use with your system:
# mount -o loop,context=system_u:object_r:httpd_sys_content_t /path/to/image.iso /var/www/html/lan/iso

Above will give Apache policy a security context of system_u:object_r:httpd_sys_content_t. Refer selinux policy help pages for further information.

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallCentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.