[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Another Apache problem



I noticed that I had "r_dir_file(httpd_t, httpdcontent)" in my
domains/misc/local.te file so I removed it.  After I did this I started
getting avc errors for all web access to my server.  Audit2allow says I
need:

allow httpd_t httpd_sys_content_t:dir { getattr search };
allow httpd_t httpd_sys_content_t:file { getattr read };

Poking through the policy sources, it appears that httpd_t no longer has
permission to read files with the httpdcontent attribute.  Grep shows
only this one place where httpd_t gets permission to read the content...

./domains/program/apache.te:create_dir_file(httpd_t, httpdcontent)

...but this line is protected by what looks like a four way conditional
and doesn't appear to have any effect.  Would it make sense to add
unconditional read access to httpd before checking/allowing write and
execute access on the files?

My system is an FC3 base running with Daniel Walsh's 1.23.6-1 strict
policy.

David



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]