chcon: can't apply partial context to unlabeled file
cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=disabled
SELINUX=enfourcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
CentOS中samba配置上下文 提示 chcon: can't apply partial context to unlabeled file - Suozhiyuan - 博客园 https://www.cnblogs.com/CooCoChoco/p/14351481.html
之前在本地的CentOS虚拟机上配置 Samba 服务器没有遇到过这种问题, 刚才在我的阿里云服务器上配置Samba上下文时, 报出了这个错误
chcon -t samba_share_t /home/suozhiyuan/
chcon: can't apply partial context to unlabeled file '/home/suozhiyuan/'
找了很久的资料, 发现问题是出在 selinux 放火墙上, 这个防火墙的配置文件为 /etc/selinux/config
配置内容:
原来是关闭: SELINUX=disabled 改成打开: SELINUX=enforcing
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded.
#改成 SELINUX=enforcing
# SELINUXTYPE= can take one of these three values: # targeted - Targeted processes are protected, # minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection. SELINUXTYPE=targeted
保存后重启服务器
Apache无法读取某些目录文件的解决方法 - CoffeeCat's IT Blog - IT博客 http://www.cnitblog.com/CoffeeCat/archive/2014/03/18/89333.html
今天正好碰巧看到一份关于SeLinux的资料,解决了一个困扰我多时的问题。
我有一台CentOS的服务器,运行着基于Apache的PHP系统,但是这些系统无法访问诸如/home,/usr等目录,即使我将这些目录chown成apache:apache,并且chmod成0777,也显示Permission Denied。百思不得其解后,我只能放弃那些计划好的数据分区,将这些数据文件挤在/var/目录下了。原来0777也不是万能的,真是毁三观,哈哈。
原来,此问题的发生是因为SeLinux。这是一个安全控制系统,简单理解就是它提供了更精确的权限控制,使我们的Linux更安全。
解决办法有2种,最快速的就是将SeLinux直接Disable掉,当然,这个你需要看场合,大多数场合都不适合这样rough的操作。最好的办法,就是正确设置SeLinux针对apache的权限。
下面给出解决的方法:
比如,你想让PHP系统能访问/home/folder/目录,那么你只需要运行命令:
这样,SeLinux就不会阻止你的程序访问啦。