[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Another Apache problem

David Hampton wrote:

On Mon, 2005-04-04 at 16:09 -0400, Daniel J Walsh wrote:

Do you have httpd_unified && httpd_enable_cgi && httpd_builtin_scripting turned on?

getsebool -a | grep httpd

httpd_builtin_scripting --> inactive httpd_can_network_connect --> inactive httpd_enable_cgi --> active httpd_enable_homedirs --> active httpd_ssi_exec --> active httpd_tty_comm --> inactive httpd_unified --> inactive

I don't think I've ever set any of these (except maybe homedirs), so I
can't tell you why they are in this state.

setsebool -P httpd_enable_cgi=1 httpd_unified=1 httpd_builtin_scripting=1
Will turn it on.


My question is the obvious one.  Why do I need to enable cgi, unified
and scripting in order to serve static web pages?


fedora-selinux-list mailing list
fedora-selinux-list redhat com

Because we have a bug in policy.

All you needed to turn on is httpd_builtin_scripting=1

r_dir_file(httpd_t, http_$1_content_t) was locked in this boolean.

I have moved it outside and  once you update to tomorrows policy, you should
be able to turn off all booleans and still serve pages.

Updated policy is available now at


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]