[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Small bug in apache.fc

From: Harry Hoffman <hhoffman ip-solutions net>
To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Subject: Small bug in apache.fc
Date: Sat, 01 Apr 2006 18:15:42 -0500

Hi,

apache.fc allows for webroot location to be under /srv but selinux
currently stops apache from searching under /srv (at least this seems to
be the case to me, but I'm fairly new to selinux).

From: file_contexts/program/apache.fc
/srv/([^/]*/)?www(/.*)?         system_u:object_r:httpd_sys_content_t

a ls -lZ of /  shows:
drwxr-xr-x  root     root     system_u:object_r:default_t      srv

running audit2allow -i /var/log/messages shows:
allow httpd_t default_t:dir search;

adding a local.te policy with:
allow httpd_t default_t:dir search;

fixes the problem and allows httpd to start without issue.

Cheers,
Harry

-- 
Harry Hoffman
Integrated Portable Solutions, LLC
877.846.5927 ext 1000
http://www.ip-solutions.net/

Follow-Ups:
- Re: Small bug in apache.fc
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]