On Sep 27, 2011, at 9:01 AM, Miroslav Grepl wrote:
> On 09/25/2011 12:34 AM, Vadym Chepkov wrote:
>> Hi,
>>
>> I think man httpd_selinux is outdated in RHEL6
>>
>> it looks like proper name for httpd_sys_content_rw_t is httpd_sys_rw_content_t.
>>
>> at least rectorecon is trying to correct it all the time :
>>
>> for example:
>>
>> restorecon reset /var/www/sel_blog/wp-content/uploads/2011/01/logo-150x150.jpg
context
system_u:object_r:httpd_sys_rw_content_t:s0->system_u:object_r:httpd_sys_content_rw_t:s0
>>
>> Vadym
>>
>> --
>> selinux mailing list
>> selinux(a)lists.fedoraproject.org
>>
https://admin.fedoraproject.org/mailman/listinfo/selinux
> Vadym,
>
> rpm -q selinux-policy
Yep, I upgraded to 6.1 and manual was changed. It is still inconsistent though:
selinux-policy-3.7.19-93.el6_1.7.noarch
man httpd_selinux
httpd_sys_rw_content_t
- Set files with httpd_sys_rw_content_t if you want httpd_sys_script_exec_t
scripts and the daemon to read/write the data, and dis-
allow other non sys scripts from access.
httpd_sys_content_ra_t
- Set files with httpd_sys_content_ra_t if you want httpd_sys_script_exec_t
scripts and the daemon to read/append to the file, and
disallow other non sys scripts from access.
why "rw" is a prefix, but "ra" is a suffix ?
Thanks,
Vadym
We have more fixes in the latest RHEL6.2 policy but this is a bug which
needs to be fixed.