SELinux & apache/httpd access to /home/*/www

Stephen Smalley sds at epoch.ncsc.mil
Fri Sep 17 13:31:30 UTC 2004


On Fri, 2004-09-17 at 08:49, Stephen Smalley wrote:
> It should only require search permission to home_root_t and
> user_home_dir_t in order to look up /home/<username>/www, and then have
> read permission to httpd_user_content_t.  Naturally, someone (Dan,
> Russell, me, whoever) should verify that, but in the past, that was
> sufficient.

I can successfully access web content in a user's home directory (under
public_html, since that is what is enabled in my httpd.conf, but same
security context) with the current FC3/devel targeted policy (don't know
about the FC3/test1 policy - that was back in July, and a lot has
changed).  httpd_t only has search and getattr permissions to
home_root_t and user_home_dir_t, but has read/search/getattr to
httpd_sys_content_t (and httpd_user_content_t is just an alias in the
targeted policy).  Might want to yum update your system against rawhide
(at least selinux-policy-targeted and selinux-policy-targeted-sources)
and retry, or wait for test2 on Sep 20th and try it.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
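
The path lookup described in the message above, as an added example that is not part of the original post: a small Python model that walks a labelled path component by component and reports the first permission httpd_t lacks. The rule table is constructed from the permissions named in the message; the function name, the sample user and file, the user_home_t label on the unlabelled case, and the split of content permissions into dir and file classes are assumptions.

```python
# Constructed allow rules for httpd_t, taken from the permissions named in
# the message. Splitting content perms into dir/file classes is an assumption.
ALLOW = {
    ("httpd_t", "home_root_t", "dir"): {"search", "getattr"},
    ("httpd_t", "user_home_dir_t", "dir"): {"search", "getattr"},
    ("httpd_t", "httpd_sys_content_t", "dir"): {"read", "search", "getattr"},
    ("httpd_t", "httpd_sys_content_t", "file"): {"read", "getattr"},
}

# In the targeted policy httpd_user_content_t is an alias, per the message.
ALIASES = {"httpd_user_content_t": "httpd_sys_content_t"}

def first_denial(source, components, allow=ALLOW, aliases=ALIASES):
    """Walk a labelled path; return None if readable, else the first denial.

    components: list of (name, type, tclass) from the top-level directory
    down to the target. Every directory above the target needs 'search';
    the target itself needs 'read'.
    """
    for i, (name, ttype, tclass) in enumerate(components):
        ttype = aliases.get(ttype, ttype)
        is_target = i == len(components) - 1
        needed = "read" if is_target else "search"
        if not is_target and tclass != "dir":
            raise ValueError(f"{name}: non-final component must be a dir")
        if needed not in allow.get((source, ttype, tclass), set()):
            return {"name": name, "tcontext": ttype,
                    "tclass": tclass, "perm": needed}
    return None

# Constructed sample: /home/alice/public_html/index.html (root dir omitted).
GOOD_PATH = [
    ("home", "home_root_t", "dir"),
    ("alice", "user_home_dir_t", "dir"),
    ("public_html", "httpd_user_content_t", "dir"),
    ("index.html", "httpd_user_content_t", "file"),
]

# Same path, but the content directory was never relabelled and still
# carries an ordinary home-directory type (user_home_t, constructed here).
UNLABELLED_PATH = GOOD_PATH[:2] + [
    ("public_html", "user_home_t", "dir"),
    ("index.html", "user_home_t", "file"),
]

if __name__ == "__main__":
    print(first_denial("httpd_t", GOOD_PATH))
    print(first_denial("httpd_t", UNLABELLED_PATH))
```

Passing only the first two components makes the home directory itself the target, which shows that search without read lets httpd_t traverse the directory but not list it.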



