Ben wrote:
Is there a simple boolean that lets me do this? My avc errors look like:
Apr 9 11:21:50 charlotte kernel: audit(1144606910.006:153): avc:
denied { search } for pid=17677 comm="httpd" name="/" dev=0:12
ino=292243 scontext=root:system_r:httpd_t:s0
tcontext=system_u:object_r:nfs_t:s0 tclass=dir
Apr 9 11:21:50 charlotte kernel: audit(1144606910.006:154): avc:
denied { getattr } for pid=17677 comm="httpd" name="/" dev=0:12
ino=292243 scontext=root:system_r:httpd_t:s0
tcontext=system_u:object_r:nfs_t:s0 tclass=dir
Right now this is not something we have come across, but if you set the
following booleans it will be allowed
setsebool -P httpd_enable_homedirs=1 use_nfs_home_dirs=1
Not ideal but it works.
Probably should bugzilla this to have a boolean httpd_use_nfs or something.
On a related note, is there a way to see what the various booleans are
supposed to be good for?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
