Description of problem: I have a PHP web application that uses sqlite. The program lives in my $HOME/public_html/ directory. The sqlite database file is in this directory. So, I need to allow apache to write to the $HOME/public_html directory in order to have it update the database. I used the selinux-apache document to get as far as I did, but this inability to write to the public_html directory caused me to set selinux to 'warn' only. This is probably something that would fit well in this document.
I'm assigning this to Karsten since he is working with Colin on this document.
PHP kind of throws a wrench into our original design; because it runs in-process, it requires httpd_t to have direct write access to httpd_sys_content_t, etc. See: http://www.redhat.com/archives/fedora-selinux-list/2004-November/msg00097.html
Does this need an FAQ entry for FC4 or FC5? Reassigning, please evaluate for usage, or close as WONTFIX. Thanks.
With strict policy, this will require a policy change, as there is no type that allows apache/php write access as well as user_t. For targeted, this can get httpd_sys_script_rw_t, just like the other php script FAQ (possibly merged), and the user in unconfined_t can still access it.
Addressed in cvs
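A check for the targeted-policy labelling suggested in the thread, as an added example that is not part of the original bug comments: it reports which of the database file and its directory do not carry `httpd_sys_script_rw_t`. The function names, the sample contexts and the `/home/alice` paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug thread): audit the SELinux type on a
# SQLite database and on the directory that holds it.
WANT_TYPE="httpd_sys_script_rw_t"   # type named in the thread for targeted policy

# Extract the type field from a context such as
# user_u:object_r:httpd_sys_content_t or user_u:object_r:httpd_sys_content_t:s0
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed only if the context carries the read-write script type.
context_is_rw() {
    [ "$(context_type "$1")" = "$WANT_TYPE" ]
}

# Read "<context> <path>" lines on stdin; print each path whose type is
# not WANT_TYPE, i.e. the paths that still need relabelling.
mislabeled_paths() {
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        context_is_rw "$ctx" || printf '%s\n' "$path"
    done
}

# Live check on an SELinux host: the directory is checked as well as the
# file, because the reporter needs write access to the directory itself.
audit_db() {
    db=$1
    dir=$(dirname -- "$db")
    for p in "$dir" "$db"; do
        printf '%s %s\n' "$(stat -c %C -- "$p")" "$p"
    done | mislabeled_paths
}

# Constructed sample: directory still has the read-only content type,
# database file already relabelled.
SAMPLE='user_u:object_r:httpd_sys_content_t /home/alice/public_html/data
user_u:object_r:httpd_sys_script_rw_t /home/alice/public_html/data/app.db'

printf '%s\n' "$SAMPLE" | mislabeled_paths

# To fix a reported path:  chcon -t httpd_sys_script_rw_t <path>
```

Keeping the database in its own subdirectory (the `data` directory here is an assumption) limits the writable label to that directory instead of all of `public_html`.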