From: Antonin Béthoux <redacted>
Date: Tue, 7 May 2024 14:10:03 +0000 (+0200)
Subject: Add SELinux permissions instructions
X-Git-Url: http://source.bookstackapp.com/website/commitdiff_plain/c6468afa61b82be2e834adee18403afc18b269b7

Add SELinux permissions instructions

When using SELinux and especially when installing bookstack in nonstandard directories (eg. not /var/www), SELinux will prevent access despite chmod permissions being correct, these instructions fix the issue.
---

diff --git a/content/docs/admin/filesystem-permissions.md b/content/docs/admin/filesystem-permissions.md
index 8e778af..bad7b6e 100644
--- a/content/docs/admin/filesystem-permissions.md
+++ b/content/docs/admin/filesystem-permissions.md
@@ -48,3 +48,22 @@ sudo chmod -R 775 /var/www/bookstack/storage /var/www/bookstack/bootstrap/cache
 # Limit the .env file to only be readable by the user and group, and only writable by the user.
 sudo chmod 640 /var/www/bookstack/.env
 ```
+
+When using SELinux, you may still encounter access denied errors: you may additionally need to add a type label to your install files.
+
+The following assumes your webserver uses the `httpd_sys_content_t` for readonly files and `httpd_sys_rw_content_t` for read-write files.
+
+```bash
+# Set the httpd_sys_content_t type on all bookstack files
+semanage fcontext -a -t httpd_sys_content_t    '/var/www/bookstack(/.*)?'
+
+# Also set the httpd_sys_rw_content_t type on all directories that will need need read-write access
+semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/bookstack/storage(/.*)?'
+semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/bookstack/bootstrap/cache(/.*)?'
+semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/bookstack/public/uploads(/.*)?'
+
+# Apply the changes
+restorecon -R /var/www/bookstack
+```
+
+