David Hampton wrote:
On Mon, 2005-04-04 at 16:09 -0400, Daniel J Walsh wrote:
Do you have httpd_unified && httpd_enable_cgi && httpd_builtin_scripting turned on?
getsebool -a | grep httpd
httpd_builtin_scripting --> inactive httpd_can_network_connect --> inactive httpd_enable_cgi --> active httpd_enable_homedirs --> active httpd_ssi_exec --> active httpd_tty_comm --> inactive httpd_unified --> inactive
I don't think I've ever set any of these (except maybe homedirs), so I can't tell you why they are in this state.
setsebool -P httpd_enable_cgi=1 httpd_unified=1 httpd_builtin_scripting=1
Will turn it on.
Thanks.
My question is the obvious one. Why do I need to enable cgi, unified and scripting in order to serve static web pages?
David
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Because we have a bug in policy.
All you needed to turn on is httpd_builtin_scripting=1
r_dir_file(httpd_t, http_$1_content_t) was locked in this boolean.
I have moved it outside and once you update to tomorrows policy, you should be able to turn off all booleans and still serve pages.
Updated policy is available now at Fedora/selinux-policy-*-1.23.6-3.noarch.rpm ftp://people.redhat.com/dwalsh/SELinux/Fedora
--
