[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Another Apache problem



David Hampton wrote:

On Mon, 2005-04-04 at 16:09 -0400, Daniel J Walsh wrote:



Do you have httpd_unified && httpd_enable_cgi && httpd_builtin_scripting turned on?

getsebool -a | grep httpd



httpd_builtin_scripting --> inactive httpd_can_network_connect --> inactive httpd_enable_cgi --> active httpd_enable_homedirs --> active httpd_ssi_exec --> active httpd_tty_comm --> inactive httpd_unified --> inactive

I don't think I've ever set any of these (except maybe homedirs), so I
can't tell you why they are in this state.



setsebool -P httpd_enable_cgi=1 httpd_unified=1 httpd_builtin_scripting=1
Will turn it on.



Thanks.


My question is the obvious one.  Why do I need to enable cgi, unified
and scripting in order to serve static web pages?

David


--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list


Because we have a bug in policy.

All you needed to turn on is httpd_builtin_scripting=1

r_dir_file(httpd_t, http_$1_content_t) was locked in this boolean.

I have moved it outside and  once you update to tomorrows policy, you should
be able to turn off all booleans and still serve pages.

Updated policy is available now at
Fedora/selinux-policy-*-1.23.6-3.noarch.rpm
ftp://people.redhat.com/dwalsh/SELinux/Fedora

--



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]