On Fri, 2004-09-17 at 08:49, Stephen Smalley wrote:
> It should only require search permission to home_root_t and
> user_home_dir_t in order to lookup /home/<username>/www, and then have
> read permission to httpd_user_content_t. Naturally, someone (Dan,
> Russell, me, whoever) should verify that, but in the past, that was
> sufficient.

I can successfully access web content in a user's home directory (under
public_html, since that is what is enabled in my httpd.conf, but same
security context) with the current FC3/devel targeted policy (don't know
about the FC3/test1 policy - that was back in July, and a lot has
changed). httpd_t only has search and getattr permissions to home_root_t
and user_home_dir_t, but has read/search/getattr to httpd_sys_content_t
(and httpd_user_content_t is just an alias in the targeted policy).

Might want to yum update your system against rawhide (at least
selinux-policy-targeted and selinux-policy-targeted-sources) and retry,
or wait for test2 on Sep 20th and try it.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
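
Added example, not part of the original message or of the policy sources: a small Python model of the check described above, where each directory on the way to the content needs only search and the final object needs read, with the alias resolved to its primary type. The policy fragment, the path labelling, index.html and the function names are constructed for illustration; the model ignores the root directory and every permission other than search and read.

```python
import re

# Constructed policy fragment mirroring the permissions named in the message;
# it is not the real FC3 targeted policy source.
SAMPLE_POLICY = """
typealias httpd_sys_content_t alias httpd_user_content_t;
allow httpd_t home_root_t:dir { search getattr };
allow httpd_t user_home_dir_t:dir { search getattr };
allow httpd_t httpd_sys_content_t:dir { read search getattr };
allow httpd_t httpd_sys_content_t:file { read getattr };
"""

# Constructed labelling of the path from the message, plus a sample file.
WWW_PATH = [
    ("/home", "home_root_t", "dir"),
    ("/home/<username>", "user_home_dir_t", "dir"),
    ("/home/<username>/www", "httpd_user_content_t", "dir"),
    ("/home/<username>/www/index.html", "httpd_user_content_t", "file"),
]

def parse_policy(text):
    """Return (aliases, rules); rules maps (source, target, class) -> perms."""
    aliases, rules = {}, {}
    for m in re.finditer(r"typealias\s+(\w+)\s+alias\s+(\w+)\s*;", text):
        aliases[m.group(2)] = m.group(1)
    for m in re.finditer(r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\}\s*;", text):
        src, tgt, cls, perms = m.groups()
        rules.setdefault((src, tgt, cls), set()).update(perms.split())
    return aliases, rules

def missing_perms(policy, domain, labelled_path):
    """List the (name, type, class, perm) checks that the policy does not allow.

    Each directory walked through needs 'search'; only the last entry, the
    object actually opened, needs 'read'.
    """
    aliases, rules = parse_policy(policy)
    missing = []
    for i, (name, typ, cls) in enumerate(labelled_path):
        typ = aliases.get(typ, typ)  # alias resolves to the primary type
        need = "read" if i == len(labelled_path) - 1 else "search"
        if need not in rules.get((domain, typ, cls), set()):
            missing.append((name, typ, cls, need))
    return missing

if __name__ == "__main__":
    print(missing_perms(SAMPLE_POLICY, "httpd_t", WWW_PATH))      # content read
    print(missing_perms(SAMPLE_POLICY, "httpd_t", WWW_PATH[:2]))  # list home dir
```

With this fragment the content read has no missing permissions, while listing the home directory itself is refused because httpd_t holds only search and getattr on user_home_dir_t.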