-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/18/2013 03:37 PM, m.roth(a)5-cent.us wrote:
Daniel J Walsh wrote:
> On 04/18/2013 02:58 PM, m.roth(a)5-cent.us wrote:
>> Daniel J Walsh wrote:
>>> On 04/18/2013 10:31 AM, m.roth(a)5-cent.us wrote:
>>>> David Quigley wrote:
>>>>> On 04/18/2013 10:12, m.roth(a)5-cent.us wrote:
>>>>>> David Quigley wrote:
<snip>
>>>> And the second note - if there's a syntax for semanage that lets
>>>> me
>> change user context, I don't see it - the -s doesn't seem to let me
>> do, for example, -s system_u.
>>>>
>>> Please explain what you are trying to do? Change a logged in user
>>> context?
>>
>> Nahhh.... Working on a new system, to replace an older one, and my
>> manager's copied some stuff, and either on the original system, or the
>> copy, don't know why, but the base of the directory tree we use for
>> websites came out as unconfined_u, and I was changing it to system_u.
>> I've run into that before, though, and want to make a change that will
stick,
>> and result in new files being created with the correct context.
<snip> Directly related to this - we don't use /var/www for web content,
but rather a directory directly on /. What *would* be an appropriate type
for that directory, var_t? Since it's /<ourdirectory>/htdocs/... but there
are other things there, just like /var/www, *and* it's in the root
filesystem, I shouldn't think the whole thing should be
httpd_sys_content_t.
mark
var_t or usr_t are searchable by all domains.
usr_t is readable by most while var_t is only search able.
Potentially you could setup equivalence
/OUTDIRECTORY/www == /var/www
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlFwT7YACgkQrlYvE4MpobNYUwCfY4nmVQyWm3tDpGqvvKw8enJQ
6ZIAn1q5cT7GudKCKgbjNMReVRVzrzLH
=FKpk
-----END PGP SIGNATURE-----