David Hampton wrote:
On Mon, 2005-04-04 at 16:09 -0400, Daniel J Walsh wrote:
Do you have httpd_unified && httpd_enable_cgi && httpd_builtin_scripting
turned on?
getsebool -a | grep httpd
httpd_builtin_scripting --> inactive
httpd_can_network_connect --> inactive
httpd_enable_cgi --> active
httpd_enable_homedirs --> active
httpd_ssi_exec --> active
httpd_tty_comm --> inactive
httpd_unified --> inactive
I don't think I've ever set any of these (except maybe homedirs), so I
can't tell you why they are in this state.
setsebool -P httpd_enable_cgi=1 httpd_unified=1 httpd_builtin_scripting=1
Will turn it on.
Thanks.
My question is the obvious one. Why do I need to enable cgi, unified
and scripting in order to serve static web pages?
David
Because we have a bug in policy.
All you needed to turn on is httpd_builtin_scripting=1
r_dir_file(httpd_t, http_$1_content_t) was locked in this boolean.
I have moved it outside and once you update to tomorrow's policy, you should
be able to turn off all booleans and still serve pages.
Updated policy is available now at
Fedora/selinux-policy-*-1.23.6-3.noarch.rpm
ftp://people.redhat.com/dwalsh/SELinux/Fedora
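
Added example (not part of the original thread or of the Fedora policy): once the fixed policy is installed, the booleans enabled only as a workaround can be switched back off. This sketch compares the pre-workaround getsebool output quoted above (embedded as a constructed sample) with the workaround's boolean list and prints, without running it, the setsebool command that restores the earlier state. The function names bool_state, revert_list and revert_command are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the pre-workaround `getsebool -a | grep httpd`
# output as quoted in the thread.
BEFORE='httpd_builtin_scripting --> inactive
httpd_can_network_connect --> inactive
httpd_enable_cgi --> active
httpd_enable_homedirs --> active
httpd_ssi_exec --> active
httpd_tty_comm --> inactive
httpd_unified --> inactive'

# Booleans that the workaround command in the thread sets to 1.
WORKAROUND='httpd_enable_cgi httpd_unified httpd_builtin_scripting'

# bool_state SNAPSHOT NAME: print active/inactive for NAME, or unknown.
bool_state() {
    printf '%s\n' "$1" | awk -v n="$2" '
        $1 == n && $2 == "-->" { print $3; found = 1; exit }
        END { if (!found) print "unknown" }'
}

# revert_list SNAPSHOT BOOLS: print the booleans in BOOLS that were
# inactive in SNAPSHOT, i.e. those the workaround newly turned on.
revert_list() {
    out=''
    for b in $2; do
        if [ "$(bool_state "$1" "$b")" = inactive ]; then
            out="${out:+$out }$b"
        fi
    done
    printf '%s\n' "$out"
}

# revert_command SNAPSHOT BOOLS: print (never execute) the setsebool
# command that returns those booleans to off.
revert_command() {
    list=$(revert_list "$1" "$2")
    [ -n "$list" ] || return 0
    cmd='setsebool -P'
    for b in $list; do cmd="$cmd $b=0"; done
    printf '%s\n' "$cmd"
}

revert_command "$BEFORE" "$WORKAROUND"
```

httpd_enable_cgi is left alone because it was already active before the workaround; whether it should stay on is a separate decision.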