Il 2022-10-24 14:59 Gionatan Danti ha scritto:
I Zdenek, lets say I have a directory /var/www/html (type httpd_t)
which need to be served both by httpd and smbd (type smbd_t).
As I can not set two labels on such directory, I have an issue: if
leaving type httpd_t, then smbd can not access it; if setting type
smbd_t, then httpd can not access it.
Sure, one can use samba_export_all_ro and similar booleans for this
specific case. However, what if no appropriate booleans exists for the
two services I want to share the same data? Does seliux have special
provisioning for settings some files/dirs as "shared between these
domains, as if multiple labels were used" or one has to explicity
allow the required access via a custom selinux policy (ie: by using
audit2allow)?
Regards.
Hi all,
any suggestions about that?
When lacking an appropriate boolean, is audit2allow the only way to
allow access to files labeled for another domain? Or something can be
done by using semanage?
Regards.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx
GPG public key ID: FF5F32A8
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
