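I have an issue with SELinux: when it is enforcing (enabled), it causes WordPress on Apache to throw errors in the header, such as:
Warning: An unexpected error occurred. Something may be wrong with WordPress.org or this server's configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /var/www/html/mywebsite.com/wp-admin/includes/plugin-install.php on line 183
or lower in the body, such as:
An unexpected error occurred. Something may be wrong with WordPress.org or this server's configuration. If you continue to have problems, please try the support forums.
There are many other posts with these same errors, and most of them discuss connectivity (name resolution, hosting firewalls, etc.), but none of those are my issue.
If I disable SELinux by setting
# setenforce 0
or by disabling it in /etc/selinux/config, then everything works.
Looking at the rules, it seems they should be sufficient..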
# semanage fcontext -l | grep "www/html"
/var/www/html(/.*)?/sites/default/settings\.php regular file system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html(/.*)?/uploads(/.*)? all files system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html(/.*)?/wp-content(/.*)? all files system_u:object_r:httpd_sys_rw_content_t:s0
/var/www/html(/.*)?/wp_backups(/.*)? all files system_u:object_r:httpd_sys_rw_content_t:s0
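The website's base path is currently at: /var/www/html/mywebsite.com
Is there something else that needs to be policed so that it doesn't throw these errors?
The goal is to use SELinux as intended, not to disable it.
Here are the requested http booleans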
$ getsebool -a | grep httpd
httpd_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_check_spam --> off
httpd_can_connect_ftp --> off
httpd_can_connect_ldap --> off
httpd_can_connect_mythtv --> off
httpd_can_connect_zabbix --> off
httpd_can_manage_courier_spool --> off
httpd_can_network_connect --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_memcache --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_dbus_sssd --> off
httpd_dontaudit_search_dirs --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_graceful_shutdown --> off
httpd_manage_ipa --> off
httpd_mod_auth_ntlm_winbind --> off
httpd_mod_auth_pam --> off
httpd_read_user_content --> off
httpd_run_ipa --> off
httpd_run_preupgrade --> off
httpd_run_stickshift --> off
httpd_serve_cobbler_files --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_sys_script_anon_write --> off
httpd_tmp_exec --> off
httpd_tty_comm --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_fusefs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off
httpd_use_opencryptoki --> off
httpd_use_openstack --> off
httpd_use_sasl --> off
httpd_verify_dns --> off
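
An added example, not part of the original post: one way to check whether a failure like the one described is SELinux denying an outbound connection from httpd_t is to correlate AVC denials with the boolean list. The AVC lines and the function names are constructed for illustration; on a real host the inputs come from `ausearch -m AVC -ts recent` and `getsebool -a`.

```shell
#!/bin/sh
# Correlate httpd name_connect denials with the httpd_can_network_connect boolean.
# Both samples below are constructed; they are not taken from the poster's host.
SAMPLE_AVC='type=AVC msg=audit(1700000000.101:311): avc:  denied  { name_connect } for  pid=2210 comm="httpd" dest=443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000002.455:312): avc:  denied  { write } for  pid=2210 comm="httpd" name="wp-config.php" dev="dm-0" ino=7781 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0'

SAMPLE_BOOLS='httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_enable_cgi --> on'

# Read audit lines on stdin; print "dest_port target_type" for every
# outbound TCP connect that was denied to a process running as httpd_t.
httpd_connect_denials() {
  awk '/avc: +denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
         port = ""; ttype = ""
         for (i = 1; i <= NF; i++) {
           if ($i ~ /^dest=/) port = substr($i, 6)
           if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
         }
         print port, ttype
       }'
}

# Read getsebool-style output on stdin; succeed if boolean $1 is off.
bool_is_off() {
  grep -Eq "^$1 --> off$"
}

# $1 = audit lines, $2 = getsebool output
report() {
  denials=$(printf '%s\n' "$1" | httpd_connect_denials)
  if [ -z "$denials" ]; then
    echo "no httpd name_connect denials"
    return 0
  fi
  printf '%s\n' "$denials" | while read -r port ttype; do
    if printf '%s\n' "$2" | bool_is_off httpd_can_network_connect; then
      echo "denied: httpd_t -> port $port ($ttype); httpd_can_network_connect is off"
    else
      echo "denied: httpd_t -> port $port ($ttype); boolean is on, check whether the denial predates that setting"
    fi
  done
}

report "$SAMPLE_AVC" "$SAMPLE_BOOLS"
```

`setsebool -P httpd_can_network_connect on` sets that boolean persistently; it permits httpd_t to open TCP connections to any port, so it is worth confirming the denial in the audit log before enabling it.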