SELinux/httpd integration
Colin Walters
walters at redhat.com
Mon Nov 22 23:01:24 UTC 2004
On Mon, 2004-11-22 at 17:59 -0500, Colin Walters wrote:
> On Mon, 2004-11-22 at 17:30 -0500, Yuichi Nakamura wrote:
>
> > I think it should grant fewer permissions.
> > Why httpd_t should write all contents in httpd_unified ?
>
> Ah, I see what you're saying now. Right. Dan added that recently for
> PHP scripts, I believe.
>
> > So, I feel that allowing httpd_t write permission to all contents is out of scope of httpd_unified.
>
> I agree now. Conceptually they are separate things. A new boolean like
> httpd_content_writable sounds good to me. Sorry about misunderstanding
> you originally.
Maybe "httpd_can_write_content" to give it a more active name.
More information about the fedora-selinux-list
mailing list