On Sat, 2006-04-01 at 18:15 -0500, Harry Hoffman wrote: > Hi, > > apache.fc allows for webroot location to be under /srv but selinux > currently stops apache from searching under /srv (at least this seems to > be the case to me, but I'm fairly new to selinux). > > From: file_contexts/program/apache.fc > /srv/([^/]*/)?www(/.*)? system_u:object_r:httpd_sys_content_t > > a ls -lZ of / shows: > drwxr-xr-x root root system_u:object_r:default_t srv > > running audit2allow -i /var/log/messages shows: > allow httpd_t default_t:dir search; > > adding a local.te policy with: > allow httpd_t default_t:dir search; > > fixes the problem and allows httpd to start without issue. Better to put a different type on /srv, so that you don't have to expose otherwise unspecified directories to searching by httpd. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
