TL;DR — If you’re not running an xlxd based reflector using SELinux you can skip this post.<\/p>\n\n\n\n
I recently migrated the XLX reflector<\/a> from Debian Stretch to Fedora<\/a> FC30. Debian<\/a> is the platform recommended by the software author, but xlxd runs fine under Fedora as well. However, since I’m running with SELinux<\/a> enabled, there were a couple of issues to tackle.<\/p>\n\n\n\n SELinux tags filesystem elements with a security context and in some cases, xlxd fails to access certain files for which it does not have authorization. There are three files that will require some special attention.<\/p>\n\n\n\n In my system, the files are installed in the following directories:<\/p>\n\n\n\n I had to create new rules to put the files in the correct security contexts.<\/p>\n\n\n\n One issue I discovered is that the contexts do not handle the creation of a new file. For that, I installed restorecond. This system daemon watches for specified files to be created and relabels the security context.<\/p>\n\n\n\n Then, add the 3 fully pathed file names to \/etc\/selinux\/targeted\/contexts\/files\/file_contexts.local. Restart the restorecond service and you’re ready to start the xlxd, httpd, and php-fpm services.<\/p>\n\n\n\n A very useful command is ls -lZ. On an SELinux enabled system it will list the security context labels for each file.<\/p>\n\n\n\n Another useful command is restorecon. RTFM.<\/p>\n\n\n\n 73 TL;DR — If you’re not running an xlxd based reflector using SELinux you can skip this post. I recently migrated the XLX reflector from Debian Stretch to Fedora FC30. Debian is the platform recommended by the software author, but xlxd runs fine under Fedora as well. However, since I’m running with SELinux enabled, there were … Continue reading “xlxd and SELinux”<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,4,6],"tags":[152,151,150,149],"class_list":["post-786","post","type-post","status-publish","format-standard","hentry","category-infosec","category-radio","category-technology","tag-fc30","tag-fedora","tag-selinux","tag-xlxd"],"_links":{"self":[{"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/posts\/786","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/comments?post=786"}],"version-history":[{"count":3,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/posts\/786\/revisions"}],"predecessor-version":[{"id":789,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/posts\/786\/revisions\/789"}],"wp:attachment":[{"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/media?parent=786"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/categories?post=786"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.k2ie.net\/blog\/wp-json\/wp\/v2\/tags?post=786"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}xlxd.pid -- contains the running process number
xlxd.log -- the XML log file used by the dashboard
callinghome.php -- contains the hash value used for registration<\/pre>\n\n\n\n\/var\/run\/xlxd.pid
\/var\/log\/xlxd.log
\/var\/lib\/httpd\/xlxd\/callinghome.php<\/pre>\n\n\n\nsemanage fcontext -a -t httpd_sys_content_t \/var\/log\/xlxd.xml
semanage fcontext -a -t httpd_sys_content_t \/var\/run\/xlxd.pid
semanage fcontext -a -t httpd_sys_rw_content_t \\
\/var\/lib\/httpd \/xlxd\/callinghome.php<\/pre>\n\n\n\ndnf install restorecon<\/pre>\n\n\n\n
ls -lZ
total 4
-rwxrwxrwx. 1 apache apache system_u:object_r:httpd_sys_rw_content_t:s0 66 May 16 14:12 callinghome.php<\/pre>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"