http_unified means, that all file types for httpd_sys_* are treated the
same way.
httpd_sys_content_t
httpd_sys_content_rw_t
httpd_sys_script_exec_t
httpd_sys_content_ra_t
If you turn on this boolean, and you want a script running as
httpd_sys_script_t or httpd_t can read/write/execute all http_sys file
types.
If you turn it off, the admin is responsible to make sure the labeling
is correct on all files. So if httpd_sys_script_t wants to write to a
file/directory, it needs to be labeled httpd_sys_content_rw_t.
httpd_sys_script_t can not interact with httpd_(NON sys)_content_t with
or without the boolean set.
the httpd_unified boolean does not effect any other
httpd_(NON sys)_script_t domains.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
