Another Apache problem
David Hampton
hampton-rh at rainbolthampton.net
Wed Apr 6 14:49:28 UTC 2005
On Mon, 2005-04-04 at 17:01 -0400, Daniel J Walsh wrote:
> r_dir_file(httpd_t, http_$1_content_t) was locked in this boolean.
>
> I have moved it outside and once you update to tomorrows policy, you should
> be able to turn off all booleans and still serve pages.
Should there also be an "r_dir_file(httpd_t, httpdcontent)" statement in
the same place? (Or in its place, since http_$1_content_t is marked
with the httpdcontent attribute). Or am I misunderstanding the reason
behind the httpdcontent attribute? The comment with this attribute is
pretty sparse.
The question comes up because in one of the policies I submitted, I had
type yam_content_t, file_type, sysadmfile, httpdcontent;
Should this be sufficient to allow httpd to serve the files, or do I
need to explicitly add
r_dir_file(httpd_t, yam_content_t)
I have the equivalent of this line at the moment, but would like to
remove it if its redundant (or should be redundant).
Thanks.
David
More information about the fedora-selinux-list
mailing list