mirrors/caddy-website
1
0
Fork 0
mirror of https://github.com/caddyserver/website.git synced 2025-04-20 20:16:16 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs: update selinux instructions

Browse source
This commit is contained in:
elmø 2023-08-06 23:55:07 +02:00
parent 381ce83a13
commit afb4b2ccef
1 changed files with 2 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/docs/markdown/running.md
View file

@ -157,17 +157,10 @@ Then, save the file and exit the text editor, and restart the service for it to
On SELinux enabled systems, systemd unit files and their executables will not be run unless labelled with `systemd_unit_file_t` and `bin_t` respectively. On SELinux enabled systems, systemd unit files and their executables will not be run unless labelled with `systemd_unit_file_t` and `bin_t` respectively.
Moreover on some distros (Fedora), SELinux will not let you relabel files directly placed in `/etc/systemd/system`. Instead unit files inside `/etc/systemd/system/` are symlinks to `/usr/lib/systemd/system/`. The `systemd_unit_file_t` is automatically applied to files created in `/etc/systemd/...`, so be sure to create your `caddy.service` file there.
If that is the case, you could create the `caddy.service` file inside the `/usr/lib/` directory and symlink it to `/etc/systemd/system/caddy.service`.
To tag the caddy binary, you can use the following commands:
```shell ```shell
### symlink the file if your selinux policy doesn't allow labelling files in /etc/systemd/
ln -s /usr/lib/systemd/system/caddy.service /etc/systemd/system/caddy.service
semanage fcontext -a -t systemd_unit_file_t PATH_TO_UNIT_FILE
restorecon -Rv PATH_TO_UNIT_FILE
semanage fcontext -a -t bin_t /usr/bin/caddy semanage fcontext -a -t bin_t /usr/bin/caddy
restorecon -Rv /usr/bin/caddy restorecon -Rv /usr/bin/caddy
``` ```