On Tue, 2009-06-16 at 11:58 -0400, Chuck Anderson wrote: > On Tue, Jun 16, 2009 at 04:46:00PM +0100, Paul Howarth wrote: > > On 16/06/09 16:34, Chuck Anderson wrote: > >> Is there any pointer to best practices for packing a web application > >> that provides static content, cgi scripts, integrates with Apache > >> configuration, and works with SELinux? How should I package the > >> SELinux policy needed to make this work? > No policy yet. I think I just need file_contexts to go along with the > standard ones: > > /srv/([^/]*/)?www(/.*)? system_u:object_r:httpd_sys_content_t:s0 > /var/www(/.*)? system_u:object_r:httpd_sys_content_t:s0 > /var/www(/.*)?/logs(/.*)? system_u:object_r:httpd_log_t:s0 > /var/www/[^/]*/cgi-bin(/.*)? system_u:object_r:httpd_sys_script_exec_t:s0 > /var/www/perl(/.*)? system_u:object_r:httpd_sys_script_exec_t:s0 > /var/www/icons(/.*)? system_u:object_r:httpd_sys_content_t:s0 > /var/www/html/[^/]*/cgi-bin(/.*)? system_u:object_r:httpd_sys_script_exec_t:s0 > /var/www/cgi-bin(/.*)? system_u:object_r:httpd_sys_script_exec_t:s0 > > I found that Debian has pretty well-defined (draft) guidelines for web > applications: > > http://webapps-common.alioth.debian.org/draft/html/ Mandriva (which is obviously closer to Fedora than Debian in filesystem layout philosophy...) has one too: http://wiki.mandriva.com/en/Policies/Web_Applications it's well-followed within MDV packages, and I found it quite sensible when I was packaging a few web apps (mainly roundcubemail). -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
