SELinux/httpd integration
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Mon Nov 22 22:57:27 UTC 2004
On Mon, 22 Nov 2004 13:05:53 EST, Colin Walters said:
> > It will be hard for users to guess "httpd_unified" means "allowing httpd fullaccess to all contents".
>
> My hope is that anyone who wants to do SELinux/Apache work on Fedora
> will either
> 1) Read the Fedora Apache/SELinux guide, where this is documented
> 2) Understand enough about SELinux to understand what the union of a
> permission set means.
Idiot me - at first glance, I assumed that 'httpd_unified' was the policy
file that allowed for differences in file locations across Fedora/debian/gentoo. ;)
Yes, I know what the union of a permission set is (at least when I've had
enough caffeine - but didn't see that "unified" referred to a union of
permission sets.... Yuichi is correct - it's not an incredibly intuitive
name. And remember that a *lot* of people will be installing SELinux
under future Fedora Core and RHEL releases who are *NOT* SELinux experts -
they will know "I'm running SELinux, and I have these services, so I need
to install the policies they need" - and that's the limit of their
in-depth understanding...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20041122/22247259/attachment.sig>
More information about the fedora-selinux-list
mailing list