From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 6 Dec 2011 16:26:21 +0000 (-0500)
Subject: Lets remove global label for logs directories under /var/www, if we have specific... 
X-Git-Tag: 000~37
X-Git-Url: http://git.ipfire.org/?p=people%2Fstevee%2Fselinux-policy.git;a=commitdiff_plain;h=75d5d7f6eeee89f7d03709113e6117341b31c15b

Lets remove global label for logs directories under /var/www, if we have specific needs we should add label for those directories
---

diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc
index 34ebed57..c7387956 100644
--- a/policy/modules/services/apache.fc
+++ b/policy/modules/services/apache.fc
@@ -124,8 +124,6 @@ ifdef(`distro_debian', `
 /var/spool/viewvc(/.*)?			gen_context(system_u:object_r:httpd_sys_rw_content_t, s0)
 
 /var/www(/.*)?				gen_context(system_u:object_r:httpd_sys_content_t,s0)
-/var/www(/.*)?/logs(/.*)?		gen_context(system_u:object_r:httpd_log_t,s0)
-/var/www/html(/.*)?/logs(/.*)?		gen_context(system_u:object_r:httpd_sys_content_t,s0)
 /var/www/[^/]*/cgi-bin(/.*)?		gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
 /var/www/cgi-bin(/.*)?			gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
 /var/www/icons(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)