Another Apache problem

David Hampton hampton-rh at rainbolthampton.net
Wed Apr 6 14:49:28 UTC 2005


On Mon, 2005-04-04 at 17:01 -0400, Daniel J Walsh wrote:

> r_dir_file(httpd_t, http_$1_content_t) was locked in this boolean.
> 
> I have moved it outside and  once you update to tomorrows policy, you should
> be able to turn off all booleans and still serve pages.

Should there also be an "r_dir_file(httpd_t, httpdcontent)" statement in
the same place?  (Or in its place, since http_$1_content_t is marked
with the httpdcontent attribute).  Or am I misunderstanding the reason
behind the httpdcontent attribute?  The comment with this attribute is
pretty sparse.

The question comes up because in one of the policies I submitted, I had 

	type yam_content_t, file_type, sysadmfile, httpdcontent;

Should this be sufficient to allow httpd to serve the files, or do I
need to explicitly add 

	r_dir_file(httpd_t, yam_content_t)

I have the equivalent of this line at the moment, but would like to
remove it if its redundant (or should be redundant).

Thanks.

David





More information about the selinux mailing list