Hi Ben, On Sun, 2007-03-25 at 14:23 -0700, benrawk wrote: > Hello all, > > With Graham's hint about possible problems caused by SELinux, I > finally figured out what was going on. Django can now serve pages! > Here is what I learned:
Firstly, well done for sticking at solving the problem rather than just turning off the SELinux infrastructure. Writing up your conclusions is bound to help other people, too. > SELinux is installed and running by default on Fedora Core 6. This > means that along with the correct file permissions, for files to be > readable by apache they have to have the correct security context. > When you first set up Apache and serve a simple html page from '/var/ > www' there is no problem because SELinux has by default already given > this path the correct security context. When you start creating > projects in Django using the 'django-admin.py startproject [project > name]' files are created that do not have the correct security > context. > > Default security contexts are controlled by files in '/etc/selinux/ > targeted/contexts/files'. If you grep for 'www' in this directory you > will see that '/var/www(/.*)?' has been given the correct security > context, as previously described. Interestingly, directories labeled > 'www' under you home directory will also be given the correct security > context by defaule because of the following regx '/home/[^/]*/((www)| > (web)|(public_html))(/.+)? '. > > Looking at the security conext of files under the /var/www directory > (using 'ls -Z'), I found that files should have the following context > inorder to be served up by Apache: > 'system_u:object_r:httpd_sys_content_t'. This is compared to what my > Django files currently had: 'user_u:object_r:user_home_t'. I had to > change the type of the files, and I did so using the following > command: > > chcon -R -t httpd_used_content_t myproject > > My knowledge of SELinux configuration is still pretty low, and I will > continue to study it if I run into more problems. The references I > used to figure this all out are here: > > http://linux.web.cern.ch/linux/scientific4/docs/rhel-selg-en-4/rhlcommon-chapter-0017.html#RHLCOMMON-SECTION-0066 > http://docs.fedoraproject.org/selinux-apache-fc3/sn-simple-setup.html I'm fairly comfortable with SELinux systems and, for what it's worth, your explanation of the problems, why it isn't a problem for /var/www/ and your solution seem exactly right to me. Nice debugging job. :-) I don't have FC6 installed, but often these systems log access violations to /var/log/secure (or another place), so you might have been able to see a bunch of failures in there. On SELinux-enabled systems, if something isn't working, it's often worth seeing if /var/log/secure is growing or being updated each time you make an attempt (you can run "ls -lrt /var/log/" without being root on many systems, whereas you can't view the file without changing to a more privileged user). Regards, Malcolm --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
