-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/16/2011 08:12 AM, Tim wrote: > On Thu, 2011-04-14 at 11:12 +0100, Bryn M. Reeves wrote: >> Heh, thought I might be out of date here.. I think that the correct >> context for home directory web content is now httpd_user_content_t >> (although I think httpd_sys_content_t still works - an SELinux expert >> can probably explain exactly why that's wrong or a bad idea but it >> certainly means there's no separation between user and system content >> so the policy can't distinguish them ;). > > Not an expert opinion, but I can imagine that an auto re-label might > change them to the expected contexts. Though I can't imagine that > causing any problems. > That is true, but only important if you are using confined users. If your users are logging in as unconfined_t then they can read and write httpd_sys_content_t. If you turn on confined users, then you would want them labeled httpd_user_content_t. If you run restorecon -R -v -F ~/public_content, it should change the labels to the default. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2sjagACgkQrlYvE4MpobMRLwCfbIATjr5vf4GbSwV/DanzNrJS 2GgAnjZyMVkob1MZlZvadkkD7foBOLS6 =Mqit -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
