[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: implications of httpd_unified
- From: Daniel J Walsh <dwalsh redhat com>
- To: Dominick Grift <domg472 gmail com>
- Cc: Fedora SELinux <fedora-selinux-list redhat com>
- Subject: Re: implications of httpd_unified
- Date: Tue, 17 Mar 2009 15:17:38 -0400
http_unified means, that all file types for httpd_sys_* are treated the
same way.
httpd_sys_content_t
httpd_sys_content_rw_t
httpd_sys_script_exec_t
httpd_sys_content_ra_t
If you turn on this boolean, and you want a script running as
httpd_sys_script_t or httpd_t can read/write/execute all http_sys file
types.
If you turn it off, the admin is responsible to make sure the labeling
is correct on all files. So if httpd_sys_script_t wants to write to a
file/directory, it needs to be labeled httpd_sys_content_rw_t.
httpd_sys_script_t can not interact with httpd_(NON sys)_content_t with
or without the boolean set.
the httpd_unified boolean does not effect any other
httpd_(NON sys)_script_t domains.
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]