This is what I set:
local.te:
allow httpd_sys_script_t mnt_t:dir search;
allow httpd_sys_script_t var_t:dir getattr;
allow httpd_sys_script_t nfs_t:dir { search write add_name };
allow httpd_sys_script_t nfs_t:file { create unlink getattr append read write setattr };
Fab.
2008/10/9 Fabrizio Buratta <extremoburo(a)gmail.com>:
> You have two problems.
>
> #============= httpd_sys_script_t ==============
> allow httpd_sys_script_t mnt_t:dir search;
>
> You need to load a custom policy to allow your CGI scripts to read
> through the /mnt directory.
>
> allow httpd_sys_script_t var_t:dir getattr;
>
> This one does not make sense. This rule should be allowed in all default
> policies? What policy are you running? Apache scripts should be able
> to search/getattr on var_t in order to use /var/www/
>
> Neither of these AVCs is much of a security risk to allow.
>
My policy version is 18,
the package: 1.17.30-2.150.el4
I will try with a custom policy thus,
I'll tell you if I face further issues.
Thanks a lot,
Fab