On Wed, 2005-03-02 at 17:20 -0600, Jason Dravet wrote: >So in short to get asp for linux working you have to do the following: > >chcon -R -h -t httpd_sys_content_t /opt/casp/INSTALL/ I'm not sure this is *really* what you want by the way - by default both httpd_t and httpd_sys_script_t have complete access to it (modulo DAC of course). Without knowing more about the program I couldn't say. >chcon -h -t shlib_t >/opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/*.so >chcon -h -t shlib_t /opt/casp/server/lib/linux2_i686_optimized/libcasp2ap.so >chcon -h -t shlib_t /opt/casp/server/lib/linux2_i686_optimized/libaspdisp.so > >Can this be added to the targeted policy in the future? Well...these regexps exist in types.fc already: /opt/.*/lib(64)?(/.*)? system_u:object_r:lib_t /opt/.*/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t So I think actually you could have done: restorecon /opt/casp/module/linux2_i686_optimized/apache_2.0.x/20020903/standard/*.so /opt/casp/server/lib/linux2_i686_optimized/*.so Note that if the package was installed via RPM this labeling would have occurred automatically. But we do have a difficulty with 3rd-party generic plugin installation and Apache; again Apache is basically unique among the targeted daemons in this respect.
