Yuichi Nakamura wrote:
Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
Do you have the httpd_enable_homedirs boolean set?
I see policy that says:
if (httpd_enable_homedirs) {
allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir {
getattr search };
}
# getsebool httpd_enable_homedirs
httpd_enable_homedirs --> active
Also your first message said
"allow httpd_suexec_t user_home_t:dir { read };"
was necessary
I'm sorry, it was my mistake.
I pasted allow statement in another test;)
This error requires
"allow httpd_suexec_t user_home_dir_t:dir { search };"
Yes,
"allow httpd_suexec_t user_home_dir_t:dir search;"
is correct.
I see policy that says:
if (httpd_enable_homedirs) {
allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir {
getattr search };
}
This appears in apache_user_domain macro,
but it seems that apache_user_domain is not used in targeted policy.
Yes nice catch. I will fix.
---
Yuichi Nakamura
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
