No need for httpd_builtin_scripting to be set for httpd_t to be allowed to read files.

2010-09-17 08:40:04 +02:00 · 2010-09-17 08:40:04 +02:00 · bbdbce34c2
commit bbdbce34c2
parent c53b75bdd2
1 changed files with 1 additions and 4 deletions
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@ -1140,14 +1140,11 @@ tunable_policy(`httpd_enable_homedirs',`
 ')

 tunable_policy(`httpd_read_user_content',`
+	userdom_read_user_home_content_files(httpd_t)
 	userdom_read_user_home_content_files(httpd_user_script_t)
 	userdom_read_user_home_content_files(httpd_suexec_t)
 ')

-tunable_policy(`httpd_read_user_content && httpd_builtin_scripting',`
-	userdom_read_user_home_content_files(httpd_t)
-')
-
 # Removal of fastcgi, will cause problems without the following
 typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t;
 typealias httpd_sys_content_t alias { httpd_fastcgi_content_t httpd_fastcgi_script_ro_t };