Masalah Permission Denied di CentOS 7 Akibat SELINUX
Teknologi / 6 Maret 2017

Postingan ini hanya mencatat solusi untuk mengatasi permasalahan gagal akses aplikasi yang ditanam di server httpd (apache) akibat security permission pada SELinux (jika diaktifkan). 1. Cek permission SELINUX: ls -LZ 2. Lihat hasilnya: drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 bootstrap drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 storage 3. Ubah security dari “httpd_sys_content_t” menjadi “httpd_sys_rw_content_t” chcon -Rv -t httpd_sys_rw_content_t bootstrap/ changing security context of ‘bootstrap/app.php’ changing security context of ‘bootstrap/autoload.php’ changing security context of ‘bootstrap/cache/.gitignore’ changing security context of ‘bootstrap/cache’ changing security context of ‘bootstrap/’ changing security context of ‘storage/app/.gitignore’ changing security context of ‘storage/app/public/.gitignore’ changing security context of ‘storage/app/public’ changing security context of ‘storage/app’ changing security context of ‘storage/framework/.gitignore’ changing security context of ‘storage/framework/cache/.gitignore’ changing security context of ‘storage/framework/cache’ changing security context of ‘storage/framework/sessions/.gitignore’ changing security context of ‘storage/framework/sessions’ changing security context of ‘storage/framework/views/.gitignore’ changing security context of ‘storage/framework/views’ changing security context of ‘storage/framework’ changing security context of ‘storage/logs/.gitignore’ changing security context of ‘storage/logs’ changing security context of ‘storage/oauth-private.key’ changing security context of ‘storage/oauth-public.key’ changing security context of ‘storage/’ chcon -Rv -t httpd_sys_rw_content_t storage/ changing security context of ‘storage/app/.gitignore’ changing security context of ‘storage/app/public/.gitignore’ changing security context of ‘storage/app/public’ changing security context of ‘storage/app’ changing security context of ‘storage/framework/.gitignore’ changing security context of ‘storage/framework/cache/.gitignore’…

Command SEMANAGE Tidak Ada Dalam SELINUX
Teknologi / 2 Maret 2017

Dalam CentOS 7 kadang command semanage tidak bisa dijalankan meskipun selinux terpasang dan enabled. Hari ini googling nemu solusinya. Kira-kira seperti berikut inilah langkah memasang semanage di CentOS 7. Jalankan perintah berikut: yum provides /usr/sbin/semanage Hasilnya kira-kira sbb: Loaded plugins: fastestmirror Determining fastest mirrors * base: mirror.nbrc.ac.in * extras: mirror.nbrc.ac.in * updates: mirror.nbrc.ac.in policycoreutils-python-2.2.5-11.el7.x86_64 : SELinux policy core python : utilities Repo : base Matched from: Filename : /usr/sbin/semanage policycoreutils-python-2.2.5-11.el7_0.1.x86_64 : SELinux policy core python : utilities Repo : updates Matched from: Filename : /usr/sbin/semanage Atau jalankan perintah berikut: yum whatprovides /usr/sbin/semanage Hasilnya kira-kira sbb: Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.nbrc.ac.in * extras: mirror.nbrc.ac.in * updates: mirror.nbrc.ac.in policycoreutils-python-2.2.5-11.el7.x86_64 : SELinux policy core python : utilities Repo : base Matched from: Filename : /usr/sbin/semanage policycoreutils-python-2.2.5-11.el7_0.1.x86_64 : SELinux policy core python : utilities Repo : updates Matched from: Filename : /usr/sbin/semanage Dari hasil di atas terlihat bahwa diperlukan paket policycoreutils-python-2.2.5-11.el7_0.1.x86_64 agar dapat menjalankan command ‘semanage’. Oleh karena itu kita harus install paket tersebut. Jalankan perintah berikut: yum install policycoreutils-python Viola, perintah semanage sudah bisa dijalankan 🙂