since we enforce SELinux, I am checking the corresponding labels.
on our stratum-1 the labels on the httpd’s repository directories are as
unconfined_u:object_r:httpd_sys_content_t:s0
My question is, if there labeling can be constricted moving from unrestricted users to constricting the files/dirs to the httpd user?
Hi Thomas,
I personally have very little experience with SELinux, but I can bring it up in our coordination meeting, maybe other site admins have encountered this before.
Cheers,
Valentin
Hi Valentin,
thanks 
my guess would be that labeling it to httpd should work, with the apache being the owner/user, but tbh I guess there might be the usual unexpected pitfalls. I might be trying to relabel everything when I have some time and keep monitoring the service’s health…