/etc/httpd/conf/httpd.confの修正。いつものカスタマイズ点は省略。Apache 2.0 ではAddDefaultCharsetを忘れないように。
#ついでにLanguagePriorityディレクティブも、日本語を優先させる為にjaを先頭に移動。
# Specify a default charset for all pages sent out. This is
# always a good idea and opens the door for future internationalisation
# of your web site, should you ever want it. Specifying it as
# a default does little harm; as the standard dictates that a page
# is in iso-8859-1 (latin1) unless specified otherwise i.e. you
# are merely stating the obvious. There are also some security
# reasons in browsers, related to javascript and URL parsing
# which encourage you to always set a default char set.
#
#AddDefaultCharset ISO-8859-1
AddDefaultCharset off
#
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
#LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
LanguagePriority ja en ca cs da de el eo es et fr he hr it ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
ディレクトリのパーミッションを設定した後、perlへのシンボリックリンクを作成。
$ chmod 711 /home/yano/
$ chmod 755 /home/yano/public_html/
$ ln -s /usr/bin/perl /usr/local/bin/
ポリシーソースが必要になるので yum でインストール。…の前に yum の設定。/etc/yum.confに下記追加。
[base]でもってポリシーソースのインストール。FC3の規定はtargetedモードだが、実はより制限の強力なstrictパッケージがあるらしいのでそいつらもついでに。
name=Fedora Core $releaserver - $ basearch - Base
baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os
baseurl=ftp://ftp.kddilabs.jp/Linux/packages/fedora/core/3/i386/os
[update-release]
name=Fedora Core $releaserver - $ basearch - Release Updates
baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/3/i386/os
baseurl=ftp://ftp.kddilabs.jp/Linux/packages/fedora/core/3/i386/os
# yum install selinux-policy-targeted-sources selinux-policy-strict selinux-policy-strict-sources
# /usr/sbin/setenforce 0と permissiveモード にして apache の動作確認を行った後、
# cd /etc/selinux/targeted/src/policy/としてポリシーを追加・反映。
# audit2allow -d -l >> domains/program/apache.te
# make reload
# /usr/sbin/setenforce 1した後も apache の動作に問題が無ければOKなり。
参考まで
allow httpd_sys_script_t var_lib_t:dir search;が /etc/selinux/targeted/src/policy/domains/program/apache.te に追加されていた。
allow httpd_t user_home_t:dir { getattr search };
allow httpd_t user_home_t:file { getattr read };
allow httpd_suexec_t httpd_log_t:dir write;
allow httpd_t httpd_suexec_t:process { sigkill signal };
allow httpd_suexec_t httpd_log_t:dir add_name;
allow httpd_suexec_t httpd_log_t:file create;
allow httpd_suexec_t user_home_dir_t:dir search;
allow httpd_suexec_t user_home_t:dir { getattr search };
allow httpd_suexec_t user_home_t:file { execute execute_no_trans getattr ioctl read };
取り敢えず ![[External]](/~yano/parts/extlink.png)
Apache はこれでOKかな?
