Re: SELinux/httpd integration

Joe Orton wrote:

> On Tue, Nov 16, 2004 at 03:35:49PM -0500, Daniel J Walsh wrote:
>
>> Joe Orton wrote:
>>
>>> httpd_t *cannot* write to anything labelled with httpd_sys_content_t by
>>> default, surely - that's the whole problem?
>>>
>>> When I set up /var/www/svn as above, I get AVC messages like:
>>>
>>> audit(1100636258.341:0): avc: denied { write } for pid=21318 exe=/usr/sbin/httpd name=__db.001 dev=hda2 ino=3169309 scontext=root:system_r:httpd_t tcontext=root:object_r:httpd_sys_content_t tclass=file
>>
>> Policy has been updated to allow this. Please update to selinux-policy-targeted-1.17.30-2.26 or greater.
>
> The same using a fresh Raw Hide install from yesterday, selinux-policy-targeted-1.19.1-9:
>
> audit(1100690797.204:0): avc: denied { write } for pid=2388 exe=/usr/sbin/httpd name=__db.001 dev=md0 ino=1194146 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:httpd_sys_content_t tclass=file

If you label the svn file httpd_sys_script_rw_t it should work, but this does expose a bug in the httpd_unified boolean, which I fixed in selinux-policy-targeted-1.19.1-12 and selinux-policy-targeted-1.17.30-2.31.

> joe

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list