implications of httpd_unified
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 17 19:17:38 UTC 2009
httpd_unified means that all file types for httpd_sys_* are treated the
same way.
httpd_sys_content_t
httpd_sys_content_rw_t
httpd_sys_script_exec_t
httpd_sys_content_ra_t
If you turn on this boolean, a script running as httpd_sys_script_t or
httpd_t can read/write/execute all httpd_sys file types.
If you turn it off, the admin is responsible for making sure the labeling
is correct on all files. So if httpd_sys_script_t wants to write to a
file/directory, it needs to be labeled httpd_sys_content_rw_t.
httpd_sys_script_t cannot interact with httpd_(NON sys)_content_t with
or without the boolean set.
The httpd_unified boolean does not affect any other
httpd_(NON sys)_script_t domains.
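
An added example, not part of the original message: with httpd_unified off, this script reads an `ls -dZ` style listing, reports every path a script in httpd_sys_script_t must write to that is not labeled httpd_sys_content_rw_t, and prints the relabel commands for review. The paths, function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
RW_TYPE="httpd_sys_content_rw_t"   # writable type name as given in the message

# Constructed sample in `ls -dZ` form ("context path"); paths are hypothetical.
sample_listing() {
    cat <<'EOF'
system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.php
system_u:object_r:httpd_sys_content_t:s0 /var/www/html/uploads
system_u:object_r:httpd_sys_content_rw_t:s0 /var/www/html/cache
system_u:object_r:httpd_sys_script_exec_t:s0 /var/www/cgi-bin/app.cgi
EOF
}

# audit_writable PATH...: reads a listing on stdin and prints "path current_type"
# for every named path whose type is not $RW_TYPE. Paths must not contain spaces.
audit_writable() {
    awk -v rw="$RW_TYPE" -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        {
            ctx = ""
            # The context is the first field shaped like user:role:type[:level].
            for (i = 1; i < NF; i++)
                if (split($i, p, ":") >= 3) { ctx = $i; break }
            if (ctx == "" || !($NF in need)) next
            split(ctx, p, ":")
            if (p[3] != rw) print $NF, p[3]
        }'
}

# fix_commands: turns audit output into relabel commands. They are printed,
# not executed, so the admin can review them before running them as root.
fix_commands() {
    while read -r path _type; do
        printf "semanage fcontext -a -t %s '%s(/.*)?'\n" "$RW_TYPE" "$path"
        printf "restorecon -Rv '%s'\n" "$path"
    done
}

# On a real host: getsebool httpd_unified; ls -dZ PATH... | audit_writable PATH...
sample_listing \
    | audit_writable /var/www/html/uploads /var/www/html/cache \
    | fix_commands
```

Check the writable type name against the installed policy before applying the printed commands, since the name used here is the one from this message.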