On Sat, 27 Dec 2008 22:35:33 -0600
"Arthur Pemberton" <pemboa@xxxxxxxxx> wrote:

> Are there any plans for generic contexts? If not consider this a
> suggestion.
>
> It would be useful if there were more generic contexts, for example
> 'shared_content_t'. Which all targeted daemons that share files (such
> as httpd, smbd, vsftpd) would all have access to these files. I am
> aware that I can probably write my own policy to allow this, but it
> seems like a fairly common use case.
>
> Just tonight I wanted to make some web code I was working on available
> via a samba share so I could work a bit more fluidly from my laptop.
> But the files are already labeled for sharing under httpd.
>
> On another machine, I give access to samba to one dir, and would also
> like to have access from httpd. For certain situations, even vsftpd.

public_content_t and public_content_rw_t have been available for a long
time to support this between ftp, http, samba, nfs, tftp, and rsync
daemons.

public_content_t is read-only to all daemons.

public_content_rw_t is read-only to all daemons but writable by any
daemon that has the appropriate boolean set:

    allow_ftpd_anon_write
    allow_httpd_anon_write
    allow_httpd_sys_script_anon
    allow_nfsd_anon_write
    allow_rsync_anon_write
    allow_smbd_anon_write
    tftp_anon_write

Setting these booleans allows the associated daemon to write to
public_content_rw_t.

Paul.
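
The labeling and boolean steps described in the reply above, as an added shell example that is not part of the original message: it prints the commands for sharing one directory, read-only unless a daemon is named as a writer. The function names, the short daemon names and the path /srv/shared are assumptions made for illustration; the boolean names are the ones listed in the message.

```shell
#!/bin/sh
# Added example: print the SELinux commands that share one directory between
# confined daemons using public_content_t / public_content_rw_t.
# Boolean names are taken from the message above; confirm them on the target
# system with `getsebool -a | grep anon_write` before running the output.

# Map a daemon (hypothetical short name) to the boolean that lets it write.
anon_write_boolean() {
    case "$1" in
        ftpd)  echo allow_ftpd_anon_write ;;
        httpd) echo allow_httpd_anon_write ;;
        nfsd)  echo allow_nfsd_anon_write ;;
        rsync) echo allow_rsync_anon_write ;;
        smbd)  echo allow_smbd_anon_write ;;
        tftp)  echo tftp_anon_write ;;
        *)     return 1 ;;
    esac
}

# share_plan DIR [WRITER...]
# No writers: label public_content_t (read-only for every daemon), no booleans.
# With writers: label public_content_rw_t and enable only those daemons' booleans.
share_plan() {
    [ $# -ge 1 ] || { echo "usage: share_plan DIR [WRITER...]" >&2; return 2; }
    dir=${1%/}; shift
    case "$dir" in
        /?*) ;;  # semanage fcontext needs an absolute path; refuse "/" itself
        *) echo "share_plan: need an absolute path other than /" >&2; return 2 ;;
    esac
    ctx=public_content_t
    bools=
    for d in "$@"; do
        b=$(anon_write_boolean "$d") || { echo "share_plan: unknown daemon $d" >&2; return 2; }
        bools="$bools $b"
        ctx=public_content_rw_t
    done
    echo "semanage fcontext -a -t $ctx '$dir(/.*)?'"   # persistent labeling rule
    echo "restorecon -R -v '$dir'"                      # apply it to existing files
    for b in $bools; do echo "setsebool -P $b on"; done # persistent write grant
}

# Constructed sample: web code also edited over Samba; httpd stays read-only.
share_plan /srv/shared smbd
```

Review the printed commands, then run them as root; a daemon that is not named as a writer keeps read-only access to the tree.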