Well, I suppose it's a feature.
I did more sesearch and looked at what is allowed:
allow httpd_sys_script_t httpd_sys_script_ra_t : dir { ioctl read write getattr lock add_name search };
allow httpd_sys_script_t httpd_sys_script_ro_t : dir { read getattr search };
allow httpd_sys_script_t httpd_sys_script_rw_t : dir { ioctl read write create getattr setattr lock unlink link rename add_name remove_name reparent search rmdir };
So I have to relabel all files from httpd_sys_content_t to httpd_sys_script_ro_t in
Red Hat? Doesn't make much sense to me.
Sincerely yours,
Vadym Chepkov
--- On Sat, 2/7/09, Dominick Grift <domg472(a)gmail.com> wrote:
From: Dominick Grift <domg472(a)gmail.com>
Subject: Re: awstats AVC denial
To: "Vadym Chepkov" <chepkov(a)yahoo.com>
Cc: "Fedora SELinux" <fedora-selinux-list(a)redhat.com>
Date: Saturday, February 7, 2009, 11:07 AM
On Sat, 2009-02-07 at 08:03 -0800, Vadym Chepkov wrote:
> Why?
That confirms that there is not any "tunable" policy available and that
this is a bug in policy.
> Sincerely yours,
> Vadym Chepkov
>