| 1 |
>> Which brings another question, how do I get simple policy changes |
| 2 |
>> merged? I've got a bunch of tweaks that I use here that other people |
| 3 |
>> will want to use eventually, like mysql support for postfix - a bit like |
| 4 |
>> the use flag: |
| 5 |
>> |
| 6 |
>> allow postfix_$1_t mysqld_t:unix_stream_socket connectto; |
| 7 |
>> allow postfix_$1_t mysqld_var_run_t:dir search; |
| 8 |
>> allow postfix_$1_t mysqld_var_run_t:sock_file write; |
| 9 |
> |
| 10 |
> Merged where? To the Gentoo policy? |
| 11 |
The gentoo package does have a use flag for mysql in postfix, but this |
| 12 |
change could apply equally well to the reference policy, right? |
| 13 |
|
| 14 |
>> Also, sorry to hijack the thread, but where can I enable |
| 15 |
>> apache_read_user_content? |
| 16 |
> |
| 17 |
> Not sure what you mean by this. |
| 18 |
To allow apache to read ~/public_html, I added: |
| 19 |
|
| 20 |
allow httpd_t file_t:file { getattr unlink }; |
| 21 |
allow httpd_t httpd_user_content_t:dir { getattr read search }; |
| 22 |
allow httpd_t httpd_user_content_t:file { getattr read }; |
| 23 |
allow httpd_t user_home_dir_t:dir { getattr search }; |
| 24 |
|
| 25 |
But surely there is a cleaner way of doing this using: |
| 26 |
apache_read_user_content( domain_prefix , domain ) |
| 27 |
and (optionally) |
| 28 |
apache_read_user_scripts( domain_prefix , domain ) |
| 29 |
|
| 30 |
Must be a boolean somewhere? |
| 31 |
|
| 32 |
Thanks |
| 33 |
Antoine |
| 34 |
-- |
| 35 |
gentoo-hardened@g.o mailing list |
Archives