On Mon, 2004-11-22 at 17:30 -0500, Yuichi Nakamura wrote: > I think it should grant fewer permissions. > Why httpd_t should write all contents in httpd_unified ? Ah, I see what you're saying now. Right. Dan added that recently for PHP scripts, I believe. > So, I feel that allowing httpd_t write permission to all contents is out of scope of httpd_unified. I agree now. Conceptually they are separate things. A new boolean like httpd_content_writable sounds good to me. Sorry about misunderstanding you originally. What do you think, Dan?
