CGI on user directory

Yuichi Nakamura himainu-ynakam at miomio.jp
Tue May 10 13:13:46 UTC 2005


Daniel J Walsh <dwalsh at redhat.com> wrote:
> Do you have the httpd_enable_homedirs boolean set?
> I see policy that says:
> if (httpd_enable_homedirs) {
> allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir { getattr search };
> }
# getsebool httpd_enable_homedirs
httpd_enable_homedirs --> active

> Also your first message said
> "allow httpd_suexec_t user_home_t:dir { read };"
> was necessary
I'm sorry, it was my mistake.
I pasted the allow statement in another test ;)

> This error requires
> "allow httpd_suexec_t user_home_dir_t:dir { search };"
Yes, 
"allow httpd_suexec_t user_home_dir_t:dir search;"
is correct.

> I see policy that says:
> if (httpd_enable_homedirs) {
> allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir { getattr search };
> }
This appears in the apache_user_domain macro,
but it seems that apache_user_domain is not used in the targeted policy.

---
Yuichi Nakamura




More information about the fedora-selinux-list mailing list