Since your situation is somewhat far from standard--i.e. your Document Root directory is within a homedir, among other things--I'd like to remind you that the following suggestions are provided solely for you to determine the main cause of your problem with permissions. Keep in mind that the most important point of the SELinux system is to provide the minimum set of permissions needed; therefore, these steps are probably not all necessary, as they may further reduce the security of your system.
NOTE: Additionally, perhaps most important, you need to make sure that your DAC policy allows the necessary rwx permissions to your server, since SELinux only goes into effect after the DAC permissions are allowed; i.e. if apache is not allowed rwx on the directory/file, the DAC policy blocks it and SELinux doesn't even handle it.
Try changing the file context of the public directory and subdirs to public_content_rw_t.
# semanage fcontext -a -t public_content_rw_t "/home/ivnbrv/Dropbox/Site/files/public(/.*)?"
followed by
# restorecon -R -v /home/ivnbrv/Dropbox/Site/files/public/
Furthermore, you should check to make sure you have the proper sebooleans enabled with:
# getsebool -a |grep -i http
AFAIK, httpd_builtin_scripting, httpd_can_network_connect, and httpd_enable_homedirs should be set to on.
# setsebool httpd_... on
Execute the command above for any booleans that need to be enabled. This change is temporary, however, unless you also add the -P option to setsebool to make it persistent.
Check to make sure that your php-script(s) have the necessary file context with
ls -alZ /path/to/dir/with/scripts
If not, you can change them to httpd_sys_script_exec_t by executing
# semanage fcontext -a -t httpd_sys_script_exec_t '/home/ivnbrv/Dropbox/Site/.*\/php5?'
# semanage fcontext -a -t httpd_sys_script_rw_t '/home/ivnbrv/Dropbox/Site/files/public/noticia/img(/.*)?'
# restorecon -R -v /home/ivnbrv/Dropbox/
As always, take a look at SELinux's wiki pages for further details and information. There's also a wealth of useful information available on the Fedora wiki pages, with numerous scenarios and workflow methods, as well as the official Fedora Docs - Security Guide.
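
The two checks the answer describes (DAC first, then the httpd booleans) can be scripted before any SELinux context is changed. The following is an added example, not part of the original answer: the function names and the sample `getsebool` output are constructed for illustration, and the DAC check assumes the web server account is neither owner nor group member of the directories and that no ACLs apply, so only the "other" search bit matters.

```shell
#!/bin/sh
# Added example. Requires GNU stat (as on Fedora).

# Print the outermost directory between TOP (exclusive, default /) and FILE
# that "other" users cannot traverse; print nothing if every one has o+x.
first_dac_block() {
    dir=$(dirname -- "$1"); top=${2:-/}; blocker=
    while [ "$dir" != "$top" ] && [ "$dir" != / ] && [ "$dir" != . ]; do
        mode=$(stat -c '%a' -- "$dir") || return 2
        case $mode in
            *[1357]) ;;             # last octal digit odd: o+x is set
            *) blocker=$dir ;;      # keep overwriting, so the outermost wins
        esac
        dir=$(dirname -- "$dir")
    done
    [ -z "$blocker" ] || printf '%s\n' "$blocker"
}

# Read `getsebool -a` output on stdin; print each boolean named in the answer
# that is not "on", with its current state ("missing" if absent).
booleans_not_on() {
    awk '
        BEGIN { split("httpd_builtin_scripting httpd_can_network_connect httpd_enable_homedirs", w, " ")
                for (i in w) want[w[i]] = "missing" }
        ($1 in want) && $2 == "-->" { want[$1] = $3 }
        END { for (i = 1; i <= 3; i++) if (want[w[i]] != "on") print w[i], want[w[i]] }
    '
}

# Constructed sample in the format getsebool prints; not taken from a real host.
sample_getsebool() {
cat <<'EOF'
httpd_builtin_scripting --> on
httpd_can_network_connect --> off
httpd_can_network_connect_db --> off
httpd_enable_cgi --> on
httpd_enable_homedirs --> off
EOF
}

if [ $# -ge 1 ]; then               # real use: ./check.sh /path/to/file
    first_dac_block "$1"
    getsebool -a | booleans_not_on
else                                # no argument: run on the constructed sample
    sample_getsebool | booleans_not_on
fi
```

If `first_dac_block` prints a directory, fix DAC there first; an SELinux denial will not even be logged until the DAC check passes.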