I'm running Fedora Core 3 with selinux-policy-targeted-1.17.30-2.96
and I'd like to serve an ISO file I've mounted (the contents of the
ISO, I don't care about the ISO itself). I've mounted it thusly:
# mount -t iso9660 -o,loop PG2003-08.ISO gutenberg
And I show that it's mounted properly:
/var/www/html/PG2003-08.ISO on /var/www/html/gutenberg type iso9660
(rw,loop=/dev/loop0)
Trying to read this content using a web-browser (via apache) gives me
a 403 Forbidden. The reason is an avc denied:
Apr 22 19:48:43 circe kernel: audit(1114217323.877:0): avc: denied {
getattr } for pid=14889 exe=/usr/sbin/httpd
path=/var/www/html/gutenberg dev=loop0 ino=1792
scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:iso9660_t
tclass=dir
Unfortunately, I'm unable to relabel this content because the iso9660
filesystem does not support extended attributes:
restorecon get context on
/var/www/html/gutenberg/etext03/vbgle11h/images/pl41.jpg failed:
'Operation not supported'
[ and so on ]
I have relabeled the mountpoint itself without the ISO mounted. Is
there a workaround or something I'm missing that I can do to make this
content readable by apache? Thanks!
--
Chris
() ASCII Ribbon Campaign!
/\ Say NO to HTML in Mail and News!
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
