SELinux/httpd integration
Joe Orton
jorton at redhat.com
Thu Nov 25 09:47:46 UTC 2004
On Wed, Nov 24, 2004 at 08:58:04PM -0500, Yuichi Nakamura wrote:
> Joe Orton wrote:
> > I'm going to add this text to /etc/httpd/conf.d/subversion.conf since it
> > (currently :) works out-of-the-box: is the terminology "labelled with a
> > context" correct?
> > #
> > # Example configuration to enable HTTP access for a directory
> > # containing Subversion repositories, "/var/www/svn". Each repository
> > # must be readable and writable by the 'apache' user. Note that if
> > # SELinux is enabled, the repositories must be labelled with a context
> > # which httpd can write to; this will happen by default for
> > # directories created in /var/www.
> > #
>
> As far as I know, context writable by httpd is not prepared.
> So I think type like httpd_rw_t I suggested before will be necessary.
With the current policy, system_u:object_r:httpd_sys_content_t *is*
writable by httpd_t by default. If this changes or is going to change
this text will need to be updated, yup.
joe
More information about the fedora-selinux-list
mailing list