"Dominick Grift wrote:" > > > --===============0256136332== > Content-Type: multipart/signed; micalg=pgp-sha1; > protocol="application/pgp-signature"; boundary="Fig2xvG2VGoz8o/s" > Content-Disposition: inline > > > --Fig2xvG2VGoz8o/s > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: quoted-printable > > On Thu, Dec 03, 2009 at 08:35:56PM -0800, David Highley wrote: > > A common virtual web hosting set up would be a web root directory > > location with the following sub directories: > > ftp > > logs > > pages > > pages/cgi-bin > >=20 > > Under ftp you would have all that is needed for a chroot ftp sandbox. > > Since each virtual host would be a different user and or company how > > does one change sebool httpd_unified to off and get it all to work with > > selinux? > > Well PHP needs httpd_unified but if you use CGI like perl or c or bash or w= > hatever then basically you would set httpd_enable_cgi and httpd_builtin_scr= > ipting booleans. Then label the locations with a proper type. I'm not sure the statement that PHP needs httpd_unified on is correct in Fedora 12. I just finished doing some testing of Mythtv with this setting turned off. I tested all TV recording, weather, and streaming video available through the web interace and it all seems to be working now. Granted there is a lot more to full backend Mythtv setup but it was looking pretty good. Dan has put in two policy updates which should be out pretty soon. I'm not done, but I also ran a quick test of squirrelmail with dovecot for off site email access and that appears to be working. Squirrelmail is all PHP. > > for example: > > # ftp: > /srv/ftproot(/.*)? 
public_content_rw_t > setsebool -P allow_ftpd_anon_write on (allow ftpd to write to /srv/ftproot > setsebool -P allow_httpd_anon_write on (allow httpd to write to /srv/ftproo= > t) (for php/httpd unified) > setsebool -P allow_httpd_sys_script_anon_write on (allow httpd system cgi s= > cripts to write to /srv/ftproot (other cgi) > > # logs > /srv/www/logs(/.*)? httpd_sys_content_ra_t=20 > > # static content > /srv/www/html(/.*)? httpd_sys_content_t > > # cgi > /srv/www/cgi-bin(/.*)? httpd_sys_script_exec_t > > The above is just an example. It may or may not be what you would want. > > >=20 > > -- > > fedora-selinux-list mailing list > > fedora-selinux-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > > --Fig2xvG2VGoz8o/s > Content-Type: application/pgp-signature > Content-Disposition: inline > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iEYEARECAAYFAksY2X4ACgkQMlxVo39jgT84SgCffFYU9S9JDB05qOuelRkKZgxR > PO8AoKssSIRvpVYEuZXCZOYZUXd9SZ0r > =nF/1 > -----END PGP SIGNATURE----- > > --Fig2xvG2VGoz8o/s-- > > > --===============0256136332== > Content-Type: text/plain; charset="us-ascii" > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > --===============0256136332==-- > -- Regards, David Highley Highley Recommended, Inc. Phone: (206) 669-0081 2927 SW 339th Street WEB: http://www.highley-recommended.com Federal Way, WA 98023-7732 -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
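
The labeling scheme from the quoted example, applied to the per-virtual-host layout in the original question, as an added example that is not part of either poster's message. It only prints the `semanage`, `restorecon` and `setsebool` commands for review; the function names, the sample roots, and the mapping of `pages` and `pages/cgi-bin` onto the types given for `html` and `cgi-bin` are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) the labeling commands for one vhost root.
# Assumption: the sub directories ftp, logs, pages, pages/cgi-bin map onto the
# types shown in the thread; function names here are hypothetical.

vhost_label_plan() {
    root=${1%/}    # drop one trailing slash
    case $root in
        /*) ;;
        *) echo "vhost root must be an absolute path: $1" >&2; return 1 ;;
    esac
    # The root is embedded in a regex, so refuse anything but plain path chars.
    case $root in
        *[!A-Za-z0-9/._-]*) echo "unsupported character in: $1" >&2; return 1 ;;
    esac
    # Dots are common in vhost directory names; escape them for the regex.
    root_re=$(printf '%s' "$root" | sed 's/\./\\./g')
    # Broad pages rule first, the more specific cgi-bin rule added after it.
    while read -r sub type; do
        printf "semanage fcontext -a -t %s '%s/%s(/.*)?'\n" "$type" "$root_re" "$sub"
    done <<EOF
ftp public_content_rw_t
logs httpd_sys_content_ra_t
pages httpd_sys_content_t
pages/cgi-bin httpd_sys_script_exec_t
EOF
    printf 'restorecon -R -v %s\n' "$root"
}

boolean_plan() {
    # Booleans named in the thread for CGI hosting with httpd_unified off.
    printf 'setsebool -P %s\n' 'httpd_unified off' 'httpd_enable_cgi on' \
        'httpd_builtin_scripting on'
}

# Constructed sample roots; run with --demo, review the output, then apply as root.
if [ "${1:-}" = "--demo" ]; then
    for r in /srv/vhosts/example-a /srv/vhosts/www.example.test; do
        vhost_label_plan "$r"
    done
    boolean_plan
fi
```

After applying the plan, `matchpathcon` on a file under `pages/cgi-bin` shows which of the two overlapping rules the system actually selects.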