Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: apache-ssl mods for Debian
From: Russell Coker <russell_at_coker.com.au>
Date: Mon, 12 Apr 2004 16:29:46 +1000
+#needed to read /var/www
This should not be needed, see the following in apache.fc: /var/www -d system_u:object_r:httpd_sys_content_t +allow httpd_t httpd_exec_t:dir { search }; I think it would be best to use the "--" type specifier on the httpd_exec_t lines so that we don't have a directory with that type, see the attached apache.fc.
For exec'ing httpd_exec_t and for creating the sock_file I added the
following:
I've attached my new Apache policy to this message, try it out and let me know how it goes. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home pageReceived on Mon 12 Apr 2004 - 02:31:26 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |