SELinux context for data to be shared using both httpd and samba?

Stephen Smalley sds at tycho.nsa.gov
Tue Jun 28 14:04:49 UTC 2005


On Mon, 2005-06-27 at 22:02 +0100, Paul Howarth wrote:
> Perhaps this is really a question for the selinux list, but I expect
> someone here must have come across this before.
> 
> I've got a software archive sitting on a file server, and this includes
> both Windows software (to be shared out using samba) and a local yum
> repository (to be shared out using httpd).
> 
> The SELinux manual tells me to use one set of contexts for sharing data
> using httpd and another set for sharing data using samba. The files can
> each only have one context as far as I know, so how do I resolve this
> conflict without turning off SELinux protection for one of the daemons?
> Add permissions for one daemon to be able to access the other's data?
> What's the way other people handle this?

Define a new type for this purpose, and allow both httpd and samba to
access it.  Presently requires installing policy sources, modifying them
accordingly, and rebuilding your policy.  Support for policy modules is
coming, but not until FC5.

-- 
Stephen Smalley
National Security Agency




More information about the fedora-selinux-list mailing list