I suspect I'm going to be told to go away and read a book on the topic, but I thought I'd ask anyway.
It seems the topic of SELinux is a bottomless pit of despair!
Anyway, I have users that access a development server via SFTP and SSH and upload files that manage to maintain their type context of user_home_t. Apache cannot read these files, and so somebody with sudo needs to teach those files a lesson.
I'm aware I can set SELinux to permissive, but I (and my company) quite prefer the "deny all, allow only" approach to security, which I'd like to maintain.
Essentially I'd like to allow Apache to access the user_home_t only within /var/www/, although I'm not seeing any evidence on my travels that policies like this can be limited to specific directories.
Does anybody have any killer advice for my situation?
Thanks in advance