On 07/18/2009 11:03 PM, Vadym Chepkov wrote:
> Hi,
>
> I have a question about httpd interface on RedHat 5.3
> selinux-policy-targeted-2.4.6-203.el5
>
> I have httpd_unified --> off
> and I defined domain for subversion:
>
> apache_content_template(svn)
>
> I labeled my subversion hooks as httpd_svn_script_exec_t
> and I expected it will be able to read files labeled as httpd_svn_content_t, but it is not the case:
>
> type=AVC msg=audit(1247931060.612:40993): avc: denied { read } for pid=21405 comm="svn-mailer" name="svn-mailer.cfg" dev=sda1 ino=773360 scontext=user_u:system_r:httpd_svn_script_t:s0 tcontext=system_u:object_r:httpd_svn_content_t:s0 tclass=file
>
> # sesearch -a -s httpd_svn_script_t -t httpd_svn_content_t
> Found 1 av rules:
> allow httpd_svn_script_t httpd_svn_content_t : dir { getattr search };
>
I would say this is a bug.
>
> The question is, why only this and nothing else?
>
> Sincerely yours,
> Vadym Chepkov
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
