Well, I suppose it's a feature.

I did more sesearch and looked at what is allowed:

    allow httpd_sys_script_t httpd_sys_script_ra_t : dir { ioctl read write getattr lock add_name search };
    allow httpd_sys_script_t httpd_sys_script_ro_t : dir { read getattr search };
    allow httpd_sys_script_t httpd_sys_script_rw_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir };

So I have to relabel all files from httpd_sys_content_t to httpd_sys_script_ro_t in Redhat? Doesn't make much sense to me.

Sincerely yours,
  Vadym Chepkov

--- On Sat, 2/7/09, Dominick Grift <domg472@xxxxxxxxx> wrote:

> From: Dominick Grift <domg472@xxxxxxxxx>
> Subject: Re: awstats AVC denial
> To: "Vadym Chepkov" <chepkov@xxxxxxxxx>
> Cc: "Fedora SELinux" <fedora-selinux-list@xxxxxxxxxx>
> Date: Saturday, February 7, 2009, 11:07 AM
> On Sat, 2009-02-07 at 08:03 -0800, Vadym Chepkov wrote:
> >
> > Why?
>
> That confirms that there is not any "tunable" policy available and that
> this is a bug in policy.
>
> > Sincerely yours,
> >   Vadym Chepkov
> >

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list