David Hampton wrote:
httpdcontent is used to by the httpd_unified domain. Which says treat all httpdcontent the same.On Mon, 2005-04-04 at 17:01 -0400, Daniel J Walsh wrote:
r_dir_file(httpd_t, http_$1_content_t) was locked in this boolean.
I have moved it outside and once you update to tomorrows policy, you should
be able to turn off all booleans and still serve pages.
Should there also be an "r_dir_file(httpd_t, httpdcontent)" statement in the same place? (Or in its place, since http_$1_content_t is marked with the httpdcontent attribute). Or am I misunderstanding the reason behind the httpdcontent attribute? The comment with this attribute is pretty sparse.
The question comes up because in one of the policies I submitted, I had
type yam_content_t, file_type, sysadmfile, httpdcontent;
Should this be sufficient to allow httpd to serve the files, or do I
need to explicitly add
r_dir_file(httpd_t, yam_content_t)
I have the equivalent of this line at the moment, but would like to remove it if its redundant (or should be redundant).
Thanks.
So that would only be used within that boolean. So if you want to turn off all booleans for httpd(Most secure)
You would have to add
r_dir_file(httpd_t, yam_content_t)
If you want to run with httpd_unified you don't need to.
httpd_unified on a machine without httpd scripts would not make much difference.
Dan
David
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
