On Mon, 2005-06-27 at 22:02 +0100, Paul Howarth wrote:
Perhaps this is really a question for the selinux list, but I expect someone here must have come across this before.
I've got a software archive sitting on a file server, and this includes both Windows software (to be shared out using samba) and a local yum repository (to be shared out using httpd).
The SELinux manual tells me to use one set of contexts for sharing data using httpd and another set for sharing data using samba. The files can each only have one context as far as I know, so how do I resolve this conflict without turning off SELinux protection for one of the daemons? Add permissions for one daemon to be able to access the other's data? What's the way other people handle this?
Define a new type for this purpose, and allow both httpd and samba to access it. Presently requires installing policy sources, modifying them accordingly, and rebuilding your policy. Support for policy modules is coming, but not until FC5.
selinux@lists.fedoraproject.org