Fabrizio Buratta wrote:
> This is what I set:
>
> local.te:
>
> allow httpd_sys_script_t mnt_t:dir search;
> allow httpd_sys_script_t var_t:dir getattr;
> allow httpd_sys_script_t nfs_t:dir { search write add_name };
> allow httpd_sys_script_t nfs_t:file { create unlink getattr append
> read write setattr };
>
> Fab.
>
>
> 2008/10/9 Fabrizio Buratta <extremoburo@xxxxxxxxx>:
>>> You have two problems.
>>>
>>> #============= httpd_sys_script_t ==============
>>> allow httpd_sys_script_t mnt_t:dir search;
>>>
>>> You need to load a custom policy to allow your cgi scripts to read
>>> through the /mnt directory
>>>
>>> allow httpd_sys_script_t var_t:dir getattr;
>>>
>>> This one does not make sense this rule should be allowed in all default
>>> policies? What policy are you running? Apache scripts should be able
>>> to search/getattr on var_t in order to use /var/www/
>>>
>>> Neither of these avc's are much of a security risk to allow.
>>>
>> My policy version is 18,
>>
>> the package: 1.17.30-2.150.el4
>>
>> I will try with a custom policy thus,
>>
>> I'll tell you if I face further issues.
>>
>> Thanks a lot,
>>
>> Fab
>>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Looks good.
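An added example, not part of the thread and not code from any of the posters: a small Python parser for the `allow` rule syntax used in the local.te quoted above, which separates rules that grant only traversal/read access from rules that let the domain modify the target type. The function names and the contents of the `READ_ONLY` set are assumptions of this example; `LOCAL_TE` is the rule text copied from the message.

```python
import re

# Assumption of this example: permissions treated as look/traverse only.
READ_ONLY = {"search", "getattr", "read", "ioctl", "lock"}

# allow <source> <target>:<class> <perm> | { <perm> ... } ;
RULE_RE = re.compile(
    r"allow\s+(\S+)\s+(\S+?):(\S+)\s+(\{[^}]*\}|\S+)\s*;")


def parse_allow_rules(text):
    """Return a list of (source, target, tclass, set_of_perms) tuples."""
    text = re.sub(r"#.*", "", text)  # drop comments such as audit2allow headers
    rules = []
    for src, tgt, tclass, perms in RULE_RE.findall(text):
        # A braced permission list may wrap across lines; split() handles that.
        rules.append((src, tgt, tclass, set(perms.strip("{}").split())))
    return rules


def modifying_rules(text):
    """Return the rules that grant anything beyond READ_ONLY permissions."""
    flagged = []
    for src, tgt, tclass, perms in parse_allow_rules(text):
        extra = perms - READ_ONLY
        if extra:
            flagged.append((src, tgt, tclass, sorted(extra)))
    return flagged


# Rule text from the local.te in the message above.
LOCAL_TE = """
allow httpd_sys_script_t mnt_t:dir search;
allow httpd_sys_script_t var_t:dir getattr;
allow httpd_sys_script_t nfs_t:dir { search write add_name };
allow httpd_sys_script_t nfs_t:file { create unlink getattr append
read write setattr };
"""

if __name__ == "__main__":
    for src, tgt, tclass, extra in modifying_rules(LOCAL_TE):
        print(f"{src} -> {tgt}:{tclass} grants {' '.join(extra)}")
```

Run against the local.te above, it lists the two `nfs_t` rules and leaves the `mnt_t` and `var_t` rules unflagged.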