On Mon, 2005-06-27 at 22:02 +0100, Paul Howarth wrote:
Perhaps this is really a question for the selinux list, but I expect
someone here must have come across this before.
I've got a software archive sitting on a file server, and this includes
both Windows software (to be shared out using samba) and a local yum
repository (to be shared out using httpd).
The SELinux manual tells me to use one set of contexts for sharing data
using httpd and another set for sharing data using samba. The files can
each only have one context as far as I know, so how do I resolve this
conflict without turning off SELinux protection for one of the daemons?
Add permissions for one daemon to be able to access the other's data?
What's the way other people handle this?
Define a new type for this purpose, and allow both httpd and samba to
access it. Presently requires installing policy sources, modifying them
accordingly, and rebuilding your policy. Support for policy modules is
coming, but not until FC5.
--
Stephen Smalley
National Security Agency