Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 434892 - sec-policy/selinux-nginx-2.20120725-r5: no access to httpd_sys_rw_content_t
Summary: sec-policy/selinux-nginx-2.20120725-r5: no access to httpd_sys_rw_content_t
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Sven Vermeulen (RETIRED)
Whiteboard: sec-policy r6
Depends on:
Blocks: 434916
  Show dependency tree
Reported: 2012-09-13 12:12 UTC by Vincent Brillault
Modified: 2012-12-13 10:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Vincent Brillault 2012-09-13 12:12:51 UTC
The current tunable policy that enables the nginx http server is:

This tunable policy doesn't give access to any content with the context 'httpd_sys_rw_content_t'. An additionnal 'apache_read_all_rw_content(nginx_t)' would partialy fixe the problem.
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2012-09-28 18:08:43 UTC
It's probably ok to use "apache_manage_all_rw_content(nginx_t)".

The rw-content is content defined to be writeable by webservers, so...
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2012-09-29 18:23:31 UTC
Will be part of -r6 release. Is committed to repository so live ebuilds should already provide it.
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2012-11-03 17:35:18 UTC
In hardened-dev, r6 release
Comment 4 Sven Vermeulen (RETIRED) gentoo-dev 2012-11-18 15:27:46 UTC
In main tree, ~arch'ed
Comment 5 Sven Vermeulen (RETIRED) gentoo-dev 2012-12-13 10:12:36 UTC
r8 is now stable