Re: SELinux/httpd integration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2004-11-16 at 13:21 +0000, Joe Orton wrote:
> I think one thing that would help would be making the sets of example
> httpd module configurations self-documentating w.r.t. SELinux for some
> of the modules.

It would be nice to go through more possible configurations and try
them; so far we've only done a few.

> So for instance, how do I get Subversion/mod_dav_svn working with an
> SELinux-enabled httpd? Can we make it such that an SVN repos is as easy
> to set up as:
> 
> # cd /src/svn
> # svnadmin create mystuff
> # vi /etc/httpd/conf.d/subversion.conf
>  - uncomment the defaults?

Well, given that the path /src/ doesn't exist by default right now, we
can't ensure it's labeled correctly out of the box.  Maybe we could have
default configuration use /var/www/.

> A more generic example would be if we provide a /srv/www directory or
> something to which the httpd domain is allowed read+write access by
> default; somewhere to put the PHP webapps.

/srv/www should probably be just be labeled the same as /var/www by
default.  Since the default label is httpd_sys_content_t, which in the
default boolean set httpd_t is allowed to write to, PHP apps storing
e.g. a SQLite database there should work.


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux