Yuichi Nakamura wrote:
Daniel J Walsh dwalsh@redhat.com wrote:
Do you have the httpd_enable_homedirs boolean set? I see policy that says: if (httpd_enable_homedirs) { allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir { getattr search }; }
# getsebool httpd_enable_homedirs httpd_enable_homedirs --> active
Also your first message said "allow httpd_suexec_t user_home_t:dir { read };" was necessary
I'm sorry, it was my mistake. I pasted allow statement in another test;)
This error requires "allow httpd_suexec_t user_home_dir_t:dir { search };"
Yes, "allow httpd_suexec_t user_home_dir_t:dir search;" is correct.
I see policy that says: if (httpd_enable_homedirs) { allow { httpd_t httpd_suexec_t httpd_$1_script_t } $1_home_dir_t:dir { getattr search }; }
This appears in apache_user_domain macro, but it seems that apache_user_domain is not used in targeted policy.
Yes nice catch. I will fix.
Yuichi Nakamura