On Thu, 2009-04-23 at 13:21 +0200, Dominick Grift wrote: > On Thu, 2009-04-23 at 14:25 +1000, Scott Radvan wrote: > > > I would greatly appreciate any and all comments or corrections that > > anyone has on it. > > I like the examples, unfortunately with regard to for example Apache you > do not have an example for each boolean. That would probably be too > much, but it would be the best way to shows when to use which boolean or > combination of booleans. > > For example we have had an issue on #fedora-selinux were httpd couldnt > do some permission to httpd_sys_content_t. > > setroubleshoot suggested httpd_unified, but even with that bool set to > true, httpd was not able to do (i forgot which permission it was) to the > file. > > I suggested to the user to just label the file httpd_sys_content_rw_t > and get it over with. (this worked) > > However later dwalsh suggested that this wasnt just solved by > httpd_unified because it required a combination of booleans to be set. > > im not sure i remember correct which combination this was but i think: > > httpd_enable_cgi, httpd_unified, httpd_enable_homedir > > my point is that the idea of including examples is a very good idea in > my view but that there arent so many examples. Actually the example i gave here just does not work. There is a bug in fedora Apache policy. We have had another guy with the same issue in #selinux today and httpd_unified does not work. confirmed it. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
