
Bug 160556

Summary: common context for shared data needed
Product: [Fedora] Fedora
Reporter: Thomas J. Baker <tjb>
Component: selinux-policy-targeted
Assignee: Daniel Walsh <dwalsh>
Severity: medium
Priority: medium
Version: 4
Keywords: FutureFeature
Hardware: x86_64
OS: Linux
Fixed In Version: 1.25.1-1
Doc Type: Enhancement
Last Closed: 2005-08-25 15:00:33 UTC

Description Thomas J. Baker 2005-06-15 19:45:52 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
In looking at the policy for rsync, it looks like it is allowed access to files of types rsync_data_t and ftpd_anon_t. In my experience, shared data is commonly accessed by rsync, ftp, or httpd. Would it make sense to either have a shared_data_t that all three can access or to add httpd_sys_content_t to the rsync policy? Or is there some other type already defined for this type of thing?

Version-Release number of selected component (if applicable):

How reproducible:
Didn't try

Additional info:

Comment 1 Daniel Walsh 2005-06-15 20:17:43 UTC
Since rsync and ftp can read ftpd_anon_t I think we should add a httpd, but we
should bring this up on a list.  Maybe a shared_data_t might be a good idea.  So
you could set up a boolean for each app to 


Comment 2 Daniel Walsh 2005-08-25 15:00:33 UTC
Fixed in selinux-policy-targeted-1.25.1-1

Comment 3 Thomas J. Baker 2005-09-15 01:32:16 UTC
What was the resolution? I don't see any of those booleans. I also just ran into
another case where it would be nice to add samba to the list.

Comment 4 Thomas J. Baker 2005-12-06 20:48:04 UTC
I'd really like to know what the resolution to this was. I've searched the
policy source and can't find anything like a shared_data_t anywhere. I'm running

Comment 5 Daniel Walsh 2005-12-07 17:09:46 UTC
public_content_t, public_content_rw_t

Comment 6 Thomas J. Baker 2005-12-07 20:18:03 UTC
Thanks. I saw those but didn't make the connection - the apache.te seemed to be
the only domain that even referenced them and then only in a comment. Seems
anonymous_domain is the way those contexts are specified in the *.te files. I'll
test it out.

Comment 7 Daniel Walsh 2005-12-07 21:06:14 UTC
Look at the man pages

man httpd_selinux
man ftpd_selinux

It is documented in there.

Comment 8 Thomas J. Baker 2005-12-07 21:10:27 UTC
Thanks. It all seems to work perfectly.
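
The following is an added example, not part of the original bug thread or the selinux-policy-targeted package. It audits a tree shared between rsync, ftp, httpd and samba for files that still carry a per-daemon type (such as rsync_data_t, ftpd_anon_t or httpd_sys_content_t) instead of the public_content_t / public_content_rw_t types named in comment 5. The function names, the /srv/shared paths and the sample listing are assumptions made for the example; input is expected in the format printed by `stat -c '%C %n'`.

```bash
#!/bin/bash
# Added example: find files in a shared tree that still carry a per-daemon type.
# Input lines are "<context> <path>", as printed by: stat -c '%C %n' FILE...

# Print the type (third field) of a context. Handles both user:role:type and
# user:role:type:level, where the MLS level may itself contain colons.
context_type() {
    local rest="${1#*:}"          # drop user
    rest="${rest#*:}"             # drop role
    printf '%s\n' "${rest%%:*}"   # keep type, drop any level
}

# Read "<context> <path>" lines on stdin and print "<type> <path>" for every
# path not labelled public_content_t or public_content_rw_t.
# Returns 1 if any such path was seen, 0 otherwise.
audit_shared_labels() {
    local ctx path type bad=0
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        type=$(context_type "$ctx")
        case $type in
            public_content_t|public_content_rw_t) ;;
            *) printf '%s %s\n' "$type" "$path"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Constructed sample listing (paths are hypothetical).
sample_listing() {
    cat <<'EOF'
system_u:object_r:public_content_t /srv/shared/pub/README
system_u:object_r:public_content_rw_t:s0 /srv/shared/incoming
system_u:object_r:httpd_sys_content_t:s0 /srv/shared/pub/index.html
system_u:object_r:ftpd_anon_t /srv/shared/pub/old mirror.tar
root:object_r:rsync_data_t:s0:c0.c1023 /srv/shared/pub/sync.log
EOF
}

# Demo on the sample; on a live system feed it real labels instead, e.g.
#   find /srv/shared -exec stat -c '%C %n' {} + | audit_shared_labels
sample_listing | audit_shared_labels || echo "relabel the paths listed above"
```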