On Mon, 2005-04-04 at 17:01 -0400, Daniel J Walsh wrote: > r_dir_file(httpd_t, http_$1_content_t) was locked in this boolean. > > I have moved it outside and once you update to tomorrows policy, you should > be able to turn off all booleans and still serve pages. Should there also be an "r_dir_file(httpd_t, httpdcontent)" statement in the same place? (Or in its place, since http_$1_content_t is marked with the httpdcontent attribute). Or am I misunderstanding the reason behind the httpdcontent attribute? The comment with this attribute is pretty sparse. The question comes up because in one of the policies I submitted, I had type yam_content_t, file_type, sysadmfile, httpdcontent; Should this be sufficient to allow httpd to serve the files, or do I need to explicitly add r_dir_file(httpd_t, yam_content_t) I have the equivalent of this line at the moment, but would like to remove it if its redundant (or should be redundant). Thanks. David
