On 09/27/2011 11:37 AM, Vadym Chepkov wrote: > On Sep 27, 2011, at 9:01 AM, Miroslav Grepl wrote: > >> On 09/25/2011 12:34 AM, Vadym Chepkov wrote: >>> Hi, >>> >>> I think man httpd_selinux is outdated in RHEL6 >>> >>> it looks like proper name for httpd_sys_content_rw_t is httpd_sys_rw_content_t. >>> >>> at least rectorecon is trying to correct it all the time : >>> >>> for example: >>> >>> restorecon reset /var/www/sel_blog/wp-content/uploads/2011/01/logo-150x150.jpg context system_u:object_r:httpd_sys_rw_content_t:s0->system_u:object_r:httpd_sys_content_rw_t:s0 >>> >>> Vadym >>> >>> -- >>> selinux mailing list >>> selinux@xxxxxxxxxxxxxxxxxxxxxxx >>> https://admin.fedoraproject.org/mailman/listinfo/selinux >> Vadym, >> >> rpm -q selinux-policy > > Yep, I upgraded to 6.1 and manual was changed. It is still inconsistent though: > > selinux-policy-3.7.19-93.el6_1.7.noarch > > man httpd_selinux > > httpd_sys_rw_content_t > - Set files with httpd_sys_rw_content_t if you want httpd_sys_script_exec_t scripts and the daemon to read/write the data, and dis- > allow other non sys scripts from access. > httpd_sys_content_ra_t > - Set files with httpd_sys_content_ra_t if you want httpd_sys_script_exec_t scripts and the daemon to read/append to the file, and > disallow other non sys scripts from access. > > why "rw" is a prefix, but "ra" is a suffix ? > > Thanks, > Vadym > > We have more fixes in the latest RHEL6.2 policy but this is a bug which needs to be fixed. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
