SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: apache-ssl mods for Debian This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: Russell Coker <russell_at_coker.com.au> Date: Mon, 12 Apr 2004 16:29:46 +1000 On Mon, 12 Apr 2004 00:05, "Ed Street" <edstreet@street-tek.com> wrote: > I have included 2 patches I needed to get apache-ssl working under SID. +#needed to read /var/www +r_dir_file(httpd_t, var_t) This should not be needed, see the following in apache.fc: /var/www -d system_u:object_r:httpd_sys_content_t +allow httpd_t httpd_exec_t:dir { search }; I think it would be best to use the "--" type specifier on the httpd_exec_t lines so that we don't have a directory with that type, see the attached apache.fc. For exec'ing httpd_exec_t and for creating the sock_file I added the following: can_exec(httpd_t, httpd_exec_t) file_type_auto_trans(httpd_t, var_run_t, httpd_var_run_t, sock_file) I've attached my new Apache policy to this message, try it out and let me know how it goes. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. text/plain attachment: apache.fc text/plain attachment: apache.te Received on Mon 12 Apr 2004 - 02:31:26 EDT This message: [ Message body ] Next message: Russell Coker: "Re: booting in enforcing mode" Previous message: Bill McCarty: "Re: Problems finding working kernel/user land combination" In reply to: Ed Street: "apache-ssl mods for Debian" Next in thread: Ed Street: "RE: apache-ssl mods for Debian" Reply: Ed Street: "RE: apache-ssl mods for Debian" Reply: Ed Street: "RE: apache-ssl mods for Debian" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom