On Wed, 2009-07-22 at 16:05 -0400, Stephen Smalley wrote:
> On Wed, 2009-07-22 at 12:57 -0700, Vadym Chepkov wrote:
> > You are right, these types are listed in /etc/selinux/targeted/contexts/customizable_types:
> >
> > ....
> > httpd_sys_content_t
> > httpd_sys_htaccess_t
> > httpd_sys_script_exec_t
> > httpd_sys_script_ra_t
> > httpd_sys_script_ro_t
> > httpd_sys_script_rw_t
> > httpd_unconfined_script_exec_t
> > ....
> >
> > May I ask, why do they set this way?
>
> Because users may choose to customize the labeling of their web
> hierarchy and we didn't want restorecon to clobber it. These days that
> isn't so necessary because users can use semanage fcontext -a to add
> entries for their customizations, and that is why customizable_types in
> F11 doesn't include those types.
>
But should http_user_{content,content_rw,script_exec}_t not be
customizable types though?
Afaik unpriv users cannot use semanage fcontext. What if a unpriv user
tries to configure a custom apache homedir for example (~/mywww)
Will that not be relabeled upon restorecon -R -v /home?
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
