Another Apache problem
David Hampton
hampton-rh at rainbolthampton.net
Wed Apr 6 14:49:28 UTC 2005
On Mon, 2005-04-04 at 17:01 -0400, Daniel J Walsh wrote:
> r_dir_file(httpd_t, http_$1_content_t) was locked in this boolean.
>
> I have moved it outside and once you update to tomorrows policy, you should
> be able to turn off all booleans and still serve pages.
Should there also be an "r_dir_file(httpd_t, httpdcontent)" statement in
the same place? (Or in its place, since http_$1_content_t is marked
with the httpdcontent attribute). Or am I misunderstanding the reason
behind the httpdcontent attribute? The comment with this attribute is
pretty sparse.
The question comes up because in one of the policies I submitted, I had
type yam_content_t, file_type, sysadmfile, httpdcontent;
Should this be sufficient to allow httpd to serve the files, or do I
need to explicitly add
r_dir_file(httpd_t, yam_content_t)
I have the equivalent of this line at the moment, but would like to
remove it if its redundant (or should be redundant).
Thanks.
David
More information about the selinux
mailing list