File: //usr/share/setroubleshoot/plugins/__pycache__/httpd_unified.cpython-36.opt-1.pyc
3
nm�au��������������������@���sD���d�d�l�Z�e�j�d�d�d���Z�e�j�Z�d�d�l�Z�d�d�l�m�Z���G�d�d���d�e���Z�d�S�)������Nz�setroubleshoot-pluginsT)�Z�fallback)���Pluginc����������������@���sL���e�Z�d�Z�e�d���Z�e�d���Z�e�d���Z�d�Z�e�d���Z�e�d���Z d�Z
d�d ��Z�d
d���Z�d�S�)
��pluginz?
SELinux prevented httpd $ACCESS access to http files.
aZ���
SELinux prevented httpd $ACCESS access to http files.
Ordinarily httpd is allowed full access to all files labeled with http file
context. This machine has a tightened security policy with the $BOOLEAN
turned off, this requires explicit labeling of all files. If a file is
a cgi script it needs to be labeled with httpd_TYPE_script_exec_t in order
to be executed. If it is read only content, it needs to be labeled
httpd_TYPE_content_t. If it is writable content, it needs to be labeled
httpd_TYPE_script_rw_t or httpd_TYPE_script_ra_t. You can use the
chcon command to change these context. Please refer to the man page
"man httpd_selinux" or
<a href="http://fedora.redhat.com/docs/selinux-apache-fc3">FAQ</a>
"TYPE" refers to one of "sys", "user" or "staff" or potentially other
script types.
zg
Changing the "$BOOLEAN" boolean to true will allow this access:
"setsebool -P $BOOLEAN=1"
z�setsebool -P $BOOLEAN=1zcIf you want to allow httpd to execute cgi scripts and to unify HTTPD handling of all content files.z_you must tell SELinux about this by enabling the 'httpd_unified' and 'http_enable_cgi' booleansz1# setsebool -P httpd_unified=1 httpd_enable_cgi=1c����������������C���s����t�j�|�t�����|�j�d�����d�S�)�N�����)�r������__init__��__name__Z�set_priority)���self��r�����2/usr/share/setroubleshoot/plugins/httpd_unified.pyr����=���s��������z�plugin.__init__c����������������C���sL���|�j�d���rH|�j�d���rH|�j�d�k�s(|�j�d�k�rHt�j�d�����rHt�j�d�����rH|�j���S�d�S�)�Nz�httpd_t httpd_.*_script_tz httpd_.*t��file��dirZ
httpd_unifiedZ�httpd_enable_cgi)�Z�matches_source_typesZ�matches_target_typesZ�tclass��selinuxZ�security_get_boolean_activeZ�report)�r����Z�avcr����r����r �����analyzeA���s������
�
���������z�plugin.analyzeN)
r�����
__module__��__qualname__��_Z�summaryZ�problem_descriptionZ�fix_descriptionZ�fix_cmdZ�if_textZ then_textZ�do_textr����r
���r����r����r����r ���r��������s����������������������������r����)���gettextZ�translationr����r����Z�setroubleshoot.Pluginr����r����r����r����r����r �����<module>����s
�������������