No need for httpd_builtin_scripting to be set for httpd_t to be allowed to read files.

This commit is contained in:
Dominick Grift 2010-09-17 08:40:04 +02:00
parent c53b75bdd2
commit bbdbce34c2

View File

@ -1140,14 +1140,11 @@ tunable_policy(`httpd_enable_homedirs',`
') ')
tunable_policy(`httpd_read_user_content',` tunable_policy(`httpd_read_user_content',`
userdom_read_user_home_content_files(httpd_t)
userdom_read_user_home_content_files(httpd_user_script_t) userdom_read_user_home_content_files(httpd_user_script_t)
userdom_read_user_home_content_files(httpd_suexec_t) userdom_read_user_home_content_files(httpd_suexec_t)
') ')
tunable_policy(`httpd_read_user_content && httpd_builtin_scripting',`
userdom_read_user_home_content_files(httpd_t)
')
# Removal of fastcgi, will cause problems without the following # Removal of fastcgi, will cause problems without the following
typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t; typealias httpd_sys_script_exec_t alias httpd_fastcgi_script_exec_t;
typealias httpd_sys_content_t alias { httpd_fastcgi_content_t httpd_fastcgi_script_ro_t }; typealias httpd_sys_content_t alias { httpd_fastcgi_content_t httpd_fastcgi_script_ro_t };