On Tue, 2004-11-16 at 13:21 +0000, Joe Orton wrote: > I think one thing that would help would be making the sets of example > httpd module configurations self-documentating w.r.t. SELinux for some > of the modules. It would be nice to go through more possible configurations and try them; so far we've only done a few. > So for instance, how do I get Subversion/mod_dav_svn working with an > SELinux-enabled httpd? Can we make it such that an SVN repos is as easy > to set up as: > > # cd /src/svn > # svnadmin create mystuff > # vi /etc/httpd/conf.d/subversion.conf > - uncomment the defaults? Well, given that the path /src/ doesn't exist by default right now, we can't ensure it's labeled correctly out of the box. Maybe we could have default configuration use /var/www/. > A more generic example would be if we provide a /srv/www directory or > something to which the httpd domain is allowed read+write access by > default; somewhere to put the PHP webapps. /srv/www should probably be just be labeled the same as /var/www by default. Since the default label is httpd_sys_content_t, which in the default boolean set httpd_t is allowed to write to, PHP apps storing e.g. a SQLite database there should work.
