Red Hat Bugzilla – Bug 160556
common context for shared data needed
Last modified: 2007-11-30 17:11:07 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4
Description of problem:
In looking at the policy for rsync, it looks like it is allowed access to files of types rsync_data_t and ftpd_anon_t. In my experience, shared data is commonly accessed by rsync, ftp, or httpd. Would it make sense to either have a shared_data_t that all three can access or to add httpd_sys_content_t to the rsync policy? Or is there some other type already defined for this type of thing?
Version-Release number of selected component (if applicable):
Since rsync and ftp can read ftpd_anon_t I think we should add a httpd, but we
should bring this up on a list. Maybe a shared_data_t might be a good idea. So
you could set up a boolean for each app to
FIxed in selinux-policy-targeted-1.25.1-1
What was the resolution? I don't see any of those booleans. I also just ran into
another case where it would be nice to add samba to the list.
I'd really like to know what the resolution to this was. I've searched the
policy source and can't find anything like a shared_data_t anywhere. I'm running
Thanks. I saw those but didn't make the connection - the apache.te seemed to be
the only domain that even referenced them and then only in a comment. Seems
anonymous_domain is the way those contexts are specified in the *.te files. I'll
test it out.
Look at the man pages
It is documented in there.
Thanks. It all seems to work perfectly.