CGI on user directory

Daniel J Walsh dwalsh at redhat.com
Tue May 10 14:25:48 UTC 2005


Yuichi Nakamura wrote:

>Daniel J Walsh <dwalsh at redhat.com> wrote:
>  
>
>>Do you have the httpd_enable_homedirs boolean set?
>>I see policy that says:
>>if (httpd_enable_homedirs) {
>>allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir { 
>>getattr search };
>>}
>>    
>>
># getsebool httpd_enable_homedirs
>httpd_enable_homedirs --> active
>
>  
>
>>Also your first message said
>>"allow httpd_suexec_t user_home_t:dir { read };"
>>was necessary
>>    
>>
>I'm sorry, it was my mistake.
>I pasted allow statement in another test;)
>
>  
>
>>This error requires
>>"allow httpd_suexec_t user_home_dir_t:dir { search };"
>>    
>>
>Yes, 
>"allow httpd_suexec_t user_home_dir_t:dir search;"
>is correct.
>
>  
>
>>I see policy that says:
>>if (httpd_enable_homedirs) {
>>allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir { 
>>getattr search };
>>}
>>    
>>
>This appears in apache_user_domain macro, 
>but it seems that apache_user_domain is not used in targeted policy.
>
>  
>
Yes nice catch.  I will fix. 

>---
>Yuichi Nakamura
>  
>


-- 





More information about the fedora-selinux-list mailing list