[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
httpd interface question
- From: Vadym Chepkov <chepkov yahoo com>
- To: Fedora SELinux <fedora-selinux-list redhat com>
- Subject: httpd interface question
- Date: Sat, 18 Jul 2009 20:03:40 -0700 (PDT)
Hi,
I have a question about httpd interface on RedHat 5.3
selinux-policy-targeted-2.4.6-203.el5
I have httpd_unified --> off
and I defined domain for subversion:
apache_content_template(svn)
I labeled my subversion hooks as httpd_svn_script_exec_t
and I expected it will be able to read files labeled as httpd_svn_content_t, but it is not the case:
type=AVC msg=audit(1247931060.612:40993): avc: denied { read } for pid=21405 comm="svn-mailer" name="svn-mailer.cfg" dev=sda1 ino=773360 scontext=user_u:system_r:httpd_svn_script_t:s0 tcontext=system_u:object_r:httpd_svn_content_t:s0 tclass=file
# sesearch -a -s httpd_svn_script_t -t httpd_svn_content_t
Found 1 av rules:
allow httpd_svn_script_t httpd_svn_content_t : dir { getattr search };
The question is, why only this and nothing else?
Sincerely yours,
Vadym Chepkov
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]