CGI on user directory
Daniel J Walsh
dwalsh at redhat.com
Tue May 10 14:25:48 UTC 2005
Yuichi Nakamura wrote:
>Daniel J Walsh <dwalsh at redhat.com> wrote:
>
>
>>Do you have the httpd_enable_homedirs boolean set?
>>I see policy that says:
>>if (httpd_enable_homedirs) {
>>allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir {
>>getattr search };
>>}
>>
>>
># getsebool httpd_enable_homedirs
>httpd_enable_homedirs --> active
>
>
>
>>Also your first message said
>>"allow httpd_suexec_t user_home_t:dir { read };"
>>was necessary
>>
>>
>I'm sorry, it was my mistake.
>I pasted allow statement in another test;)
>
>
>
>>This error requires
>>"allow httpd_suexec_t user_home_dir_t:dir { search };"
>>
>>
>Yes,
>"allow httpd_suexec_t user_home_dir_t:dir search;"
>is correct.
>
>
>
>>I see policy that says:
>>if (httpd_enable_homedirs) {
>>allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir {
>>getattr search };
>>}
>>
>>
>This appears in apache_user_domain macro,
>but it seems that apache_user_domain is not used in targeted policy.
>
>
>
Yes nice catch. I will fix.
>---
>Yuichi Nakamura
>
>
--
More information about the fedora-selinux-list
mailing list