"Dominick Grift wrote:" > > > --===============1080715742== > Content-Type: multipart/signed; micalg=pgp-sha1; > protocol="application/pgp-signature"; boundary="llIrKcgUOe3dCx0c" > Content-Disposition: inline > > > --llIrKcgUOe3dCx0c > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: quoted-printable > > On Fri, Dec 04, 2009 at 06:45:39AM -0800, David Highley wrote: > > "Dominick Grift wrote:" > > >=20 > > >=20 > > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0256136332=3D=3D > > > Content-Type: multipart/signed; micalg=3Dpgp-sha1; > > > protocol=3D"application/pgp-signature"; boundary=3D"Fig2xvG2VGoz8o/s" > > > Content-Disposition: inline > > >=20 > > >=20 > > > --Fig2xvG2VGoz8o/s > > > Content-Type: text/plain; charset=3Dus-ascii > > > Content-Disposition: inline > > > Content-Transfer-Encoding: quoted-printable > > >=20 > > > On Thu, Dec 03, 2009 at 08:35:56PM -0800, David Highley wrote: > > > > A common virtual web hosting set up would be a web root directory > > > > location with the following sub directories: > > > > ftp > > > > logs > > > > pages > > > > pages/cgi-bin > > > >=3D20 > > > > Under ftp you would have all that is needed for a chroot ftp sandbox. > > > > Since each virtual host would be a different user and or company how > > > > does one change sebool httpd_unified to off and get it all to work wi= > th > > > > selinux? > > >=20 > > > Well PHP needs httpd_unified but if you use CGI like perl or c or bash = > or w=3D > > > hatever then basically you would set httpd_enable_cgi and httpd_builtin= > _scr=3D > > > ipting booleans. Then label the locations with a proper type. > >=20 > > I'm not sure the statement that PHP needs httpd_unified on is correct in > > Fedora 12. I just finished doing some testing of Mythtv with this > > setting turned off. I tested all TV recording, weather, and streaming > > video available through the web interace and it all seems to be working > > now. 
> > Granted there is a lot more to full backend Mythtv setup but it was
> > looking pretty good. Dan has put in two policy updates which should be
> > out pretty soon.
> >
> > I'm not done, but I also ran a quick test of squirrelmail with dovecot
> > for off site email access and that appears to be working. Squirrelmail
> > is all PHP.
>
> Do your php scripts run with the httpd_sys_script_t or with the httpd_t type?

I have not had to change any labels for the PHP files. When I look at
squirrelmail, ls -Z /usr/share/squirrelmail/class. I see:
system_u:object_r:usr_t:s0
For all files. I do have httpd_builtin_scripting turned on and
httpd_can_network_connect is on.

For Mythtv I need to change /usr/share/mythtvweb/mythweb.pl to
httpd_sys_script_exec_t and also /usr/share/mythtv/mythweather/scripts.
Last it needed /usr/mythweb/data to be httpd_sys_content_t and the
recording library storage area if you want to be able to stream video or
play with other video players.

> > > for example:
> > >
> > > # ftp:
> > > /srv/ftproot(/.*)? public_content_rw_t
> > > setsebool -P allow_ftpd_anon_write on (allow ftpd to write to /srv/ftproot)
> > > setsebool -P allow_httpd_anon_write on (allow httpd to write to /srv/ftproot) (for php/httpd unified)
> > > setsebool -P allow_httpd_sys_script_anon_write on (allow httpd system cgi scripts to write to /srv/ftproot) (other cgi)
> > >
> > > # logs
> > > /srv/www/logs(/.*)? httpd_sys_content_ra_t
> > >
> > > # static content
> > > /srv/www/html(/.*)? httpd_sys_content_t
> > >
> > > # cgi
> > > /srv/www/cgi-bin(/.*)? httpd_sys_script_exec_t
> > >
> > > The above is just an example. It may or may not be what you would want.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
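
The directory layout from the first message combined with the types from the quoted example, as an added example that is not part of the thread: it prints the labeling commands for one virtual host and audits `stat -c '%C %n'` style output against the expected types. The root `/srv/vhosts/example`, the function names and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Directory names follow David's layout,
# SELinux types are those in Dominick's example; the vhost root passed in
# (e.g. /srv/vhosts/example) is a placeholder.

# expected_type REL -> SELinux type wanted for a path relative to the vhost root
expected_type() {
    case "$1" in
        ftp|ftp/*)                     echo public_content_rw_t ;;
        logs|logs/*)                   echo httpd_sys_content_ra_t ;;
        pages/cgi-bin|pages/cgi-bin/*) echo httpd_sys_script_exec_t ;;
        pages|pages/*)                 echo httpd_sys_content_t ;;
    esac
}

# labeling_cmds ROOT -> print (do not run) the commands for one vhost
labeling_cmds() {
    for sub in ftp logs pages pages/cgi-bin; do
        printf "semanage fcontext -a -t %s '%s/%s(/.*)?'\n" \
            "$(expected_type "$sub")" "$1" "$sub"
    done
    printf 'restorecon -R -v %s\n' "$1"
    printf 'setsebool -P allow_ftpd_anon_write on\n'
    printf 'setsebool -P httpd_enable_cgi on\n'
    printf 'setsebool -P httpd_unified off\n'
}

# audit_labels ROOT -> read "CONTEXT PATH" lines on stdin (the format of
# `stat -c '%C %n'`) and report every path whose type is not the expected one
audit_labels() {
    while read -r ctx path; do
        rel=${path#"$1"/}
        want=$(expected_type "$rel")
        have=$(printf '%s\n' "$ctx" | cut -d: -f3)
        if [ -n "$want" ] && [ "$have" != "$want" ]; then
            printf 'MISMATCH %s have=%s want=%s\n' "$path" "$have" "$want"
        fi
    done
    return 0
}

# Constructed sample input: two of the four files carry the wrong type.
sample_labels() {
    cat <<'EOF'
system_u:object_r:public_content_rw_t:s0 /srv/vhosts/example/ftp/pub/readme
system_u:object_r:httpd_sys_content_t:s0 /srv/vhosts/example/pages/index.html
system_u:object_r:httpd_sys_content_t:s0 /srv/vhosts/example/pages/cgi-bin/form.pl
system_u:object_r:var_t:s0 /srv/vhosts/example/logs/access_log
EOF
}

labeling_cmds /srv/vhosts/example
sample_labels | audit_labels /srv/vhosts/example
```

On a live host the audit input would come from something like `find ROOT -exec stat -c '%C %n' {} +` instead of the constructed sample.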