Another Apache problem

David Hampton hampton-rh at rainbolthampton.net
Wed Apr 6 14:49:28 UTC 2005


On Mon, 2005-04-04 at 17:01 -0400, Daniel J Walsh wrote:

> r_dir_file(httpd_t, http_$1_content_t) was locked in this boolean.
> 
> I have moved it outside and  once you update to tomorrows policy, you should
> be able to turn off all booleans and still serve pages.

Should there also be an "r_dir_file(httpd_t, httpdcontent)" statement in
the same place?  (Or in its place, since http_$1_content_t is marked
with the httpdcontent attribute).  Or am I misunderstanding the reason
behind the httpdcontent attribute?  The comment with this attribute is
pretty sparse.

The question comes up because in one of the policies I submitted, I had 

	type yam_content_t, file_type, sysadmfile, httpdcontent;

Should this be sufficient to allow httpd to serve the files, or do I
need to explicitly add 

	r_dir_file(httpd_t, yam_content_t)

I have the equivalent of this line at the moment, but would like to
remove it if its redundant (or should be redundant).

Thanks.

David





More information about the fedora-selinux-list mailing list