[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Serving a loopback mounted ISO with Apache



I'm running Fedora Core 3 with selinux-policy-targeted-1.17.30-2.96
and I'd like to serve an ISO file I've mounted (the contents of the
ISO, I don't care about the ISO itself).  I've mounted it thusly:

# mount -t iso9660 -o,loop PG2003-08.ISO gutenberg

And I show that it's mounted properly:

/var/www/html/PG2003-08.ISO on /var/www/html/gutenberg type iso9660
(rw,loop=/dev/loop0)

Trying to read this content using a web-browser (via apache) gives me
a 403 Forbidden.  The reason is an avc denied:

Apr 22 19:48:43 circe kernel: audit(1114217323.877:0): avc:  denied  {
getattr } for  pid=14889 exe=/usr/sbin/httpd
path=/var/www/html/gutenberg dev=loop0 ino=1792
scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:iso9660_t
tclass=dir

Unfortunately, I'm unable to relabel this content because the iso9660
filesystem does not support extended attributes:

restorecon get context on
/var/www/html/gutenberg/etext03/vbgle11h/images/pl41.jpg failed:
'Operation not supported'
[ and so on ]

I have relabeled the mountpoint itself without the ISO mounted.  Is
there a workaround or something I'm missing that I can do to make this
content readable by apache?  Thanks!

-- 
Chris

() ASCII Ribbon Campaign!
/\ Say NO to HTML in Mail and News!


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]