[selinux-policy: 3008/3172] No need for httpd_builtin_scripting to be set for httpd_t to be allowed to read files.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:27:41 UTC 2010
commit bbdbce34c28e832cdd4d60283e049105ba43a194
Author: Dominick Grift <domg472 at gmail.com>
Date: Fri Sep 17 08:40:04 2010 +0200
No need for httpd_builtin_scripting to be set for httpd_t to be allowed to read files.
policy/modules/services/apache.te | 5 +----
1 files changed, 1 insertions(+), 4 deletions(-)
---
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
index 8329861..c3f7abf 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -1140,14 +1140,11 @@ tunable_policy(`httpd_enable_homedirs',`
')
tunable_policy(`httpd_read_user_content',`
+ userdom_read_user_home_content_files(httpd_t)
userdom_read_user_home_content_files(httpd_user_script_t)
userdom_read_user_home_content_files(httpd_suexec_t)
')
-tunable_policy(`httpd_read_user_content && httpd_builtin_scripting',`
- userdom_read_user_home_content_files(httpd_t)
-')
-
# Removal of fastcgi, will cause problems without the following
typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t;
typealias httpd_sys_content_t alias { httpd_fastcgi_content_t httpd_fastcgi_script_ro_t };
More information about the scm-commits
mailing list