Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> Do you have the httpd_enable_homedirs boolean set?
> I see policy that says:
> if (httpd_enable_homedirs) {
> allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir {
> getattr search };
> }
# getsebool httpd_enable_homedirs
httpd_enable_homedirs --> active
> Also your first message said
> "allow httpd_suexec_t user_home_t:dir { read };"
> was necessary
I'm sorry, it was my mistake.
I pasted allow statement in another test;)
> This error requires
> "allow httpd_suexec_t user_home_dir_t:dir { search };"
Yes,
"allow httpd_suexec_t user_home_dir_t:dir search;"
is correct.
> I see policy that says:
> if (httpd_enable_homedirs) {
> allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir {
> getattr search };
> }
This appears in apache_user_domain macro,
but it seems that apache_user_domain is not used in targeted policy.
---
Yuichi Nakamura
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
