CVMFS httpd stratum-1 SELinux labeling

since we enforce SELinux, I am checking the corresponding labels.

on our stratum-1 the labels on the httpd’s repository directories are as


My question is, if there labeling can be constricted moving from unrestricted users to constricting the files/dirs to the httpd user?

Hi Thomas,

I personally have very little experience with SELinux, but I can bring it up in our coordination meeting, maybe other site admins have encountered this before.

Hi Valentin,

thanks :slight_smile:

my guess would be that labeling it to httpd should work, with the apache being the owner/user, but tbh I guess there might be the usual unexpected pitfalls. I might be trying to relabel everything when I have some time and keep monitoring the service’s health…