Il 2022-10-24 14:59 Gionatan Danti ha scritto:
I Zdenek, lets say I have a directory /var/www/html (type httpd_t)
which need to be served both by httpd and smbd (type smbd_t).
As I can not set two labels on such directory, I have an issue: if
leaving type httpd_t, then smbd can not access it; if setting type
smbd_t, then httpd can not access it.
Sure, one can use samba_export_all_ro and similar booleans for this
specific case. However, what if no appropriate booleans exists for the
two services I want to share the same data? Does seliux have special
provisioning for settings some files/dirs as "shared between these
domains, as if multiple labels were used" or one has to explicity
allow the required access via a custom selinux policy (ie: by using
audit2allow)?
Regards.
Hi all,
any suggestions about that?
When lacking an appropriate boolean, is audit2allow the only way to
allow access to files labeled for another domain? Or something can be
done by using semanage?
Regards.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. -
www.assyoma.it
email: g.danti(a)assyoma.it - info(a)assyoma.it
GPG public key ID: FF5F32A8