>> Which brings another question, how do I get simple policy changes
>> merged? I've got a bunch of tweaks that I use here that other people
>> will want to use eventually, like mysql support for postfix - a bit like
>> the use flag:
>>
>> allow postfix_$1_t mysqld_t:unix_stream_socket connectto;
>> allow postfix_$1_t mysqld_var_run_t:dir search;
>> allow postfix_$1_t mysqld_var_run_t:sock_file write;
>
> Merged where? To the Gentoo policy?
The gentoo package does have a use flag for mysql in postfix, but this
change could apply equally well to the reference policy, right?

>> Also, sorry to hijack the thread, but where can I enable
>> apache_read_user_content?
>
> Not sure what you mean by this.
To allow apache to read ~/public_html, I added:

allow httpd_t file_t:file { getattr unlink };
allow httpd_t httpd_user_content_t:dir { getattr read search };
allow httpd_t httpd_user_content_t:file { getattr read };
allow httpd_t user_home_dir_t:dir { getattr search };

But surely there is a cleaner way of doing this using:
apache_read_user_content( domain_prefix , domain )
and (optionally)
apache_read_user_scripts( domain_prefix , domain )

Must be a boolean somewhere?

Thanks
Antoine
--
gentoo-hardened@g.o mailing list